Voice control of endpoint devices through a multi-services gateway device at the user premises

ABSTRACT

A gateway device providing and managing interactive user voice-controlled home automation services over at least endpoint devices associated with the gateway device is described. Interfaces enable communications of the gateway device with at least one endpoint device located within a user premises and data networks. A processor coupled to the interfaces and programming in storage in the server operate a communications program for configuring the gateway to communicate with endpoint devices, associate endpoint devices with the gateway, and communicate with a remote serve to access service management center applications. A home automation control program provides operation via a home automation controller configured in the gateway with voice automation messaging protocols based on the voice commands to enable interactive voice-controlled control of endpoint devices using voice commands and automate functions associated with the endpoint devices.

TECHNICAL FIELD

The present subject matter relates to a gateway device and/orprogramming for such devices, wherein the gateway device is enabled withclient programming for client-server communications using a presence andnetworking messaging protocol. The gateway device may be configured by aservices subscriber and/or service provider to expose the presence andfunctionalities of one or more associated endpoint devices to localand/or remote presence and networking message servers or other devicesvia a wide area network. The subscriber and/or service provider may alsoconfigure the gateway to provide notices, status, or other messages inresponse to events, and may also configure the routing of such messagesto particular parties and/or devices for display.

BACKGROUND

The digital home is now becoming more complex with the myriad of new andemerging digital devices and services intended to address many user andconsumer needs such as communication, entertainment, privacy andsecurity, etc. These digital devices can be connected with a gatewaydevice in the user premises to form a home network. The digital devicescan have a variety of functionalities, as well as proprietary interfacesand communication protocols to access such functionalities. Although anincreasing number of emerging digital devices are enabled withprogramming for client-server communications using presence andnetworking message protocols, many digital devices rely on proprietarycommunications protocols and driver programs to allow them tointeroperate with devices in a home network.

A home network user may desire to have the associated devices of thehome network provide alerts, notifications, status, or other messages tothe user in response to particular events, and have such messagesdirected to specific individuals and/or digital endpoint devices fordisplay. Upon receipt of such messages, the user may desire to provideinstructions to one or more of the digital devices of the home network.The user may also desire to determine the status of one or more of thedevices of the home network in the absence of an event. The home networkuser may also desire to remotely handle and/or control various endpointdevices associated with a gateway device of the home network. However,the user may wish to limit the “visibility” of specific endpoint devicesand their functions to local or remote servers providing applicationsservices or server-side presence and networking communications for thehome network.

Additionally, the user may wish to establish peer to peer communicationsbetween the gateway device in the user premises and another local orremote gateway device with associated endpoint devices. The peer to peerconnection is desirable, as it may enable a user to access thefunctionalities and status of endpoint devices associated with anothergateway. The peer to peer communication is also desirable, as itminimizes management of communications between two or more gatewaydevices.

In that regard, it would be desirable to provide a gateway device for auser premises that provides a presence and networking messaging clientfor client-server communications, wherein endpoint devices associatedwith the gateway device may not be enabled themselves with such clients.It may be further desirable to enable a gateway device to be configuredby a services subscriber or a service provider to facilitate thehandling of events by the gateway and provide notices, status, or othermessages in response to events, and route such messages to particularparties and/or devices for display. Moreover, it may be desirable forassociated endpoint devices to communicate with one another via thegateway device, without using presence and networking communications. Itmay be further desirable to enable peer to peer communications betweentwo or more gateway devices.

SUMMARY

The technology discussed herein may be embodied in gateway devices,typically for deployment at user premises, and/or to programming fordevices that may function as such gateways. The gateway device isimplemented in such a manner as to provide client programming to enableclient-server communications using a presence and networking messageprotocol. The gateway device may be further configured to haveapplication service logic that functions as an intermediary betweenassociated digital endpoint devices and one or more driver programs. Thedriver program may communicate with the endpoint device using its owncommunication protocol. The driver may abstract the functionalities ofthe endpoint as a set of attributes for the endpoint device. The servicesubscriber (i.e., user) or a service provider may configure the gatewayso as to control the exposure of the presence and functionalities of theone or more endpoint devices to presence and networking messagingcommunication servers or other external devices.

Hence, in one example, a gateway device for operation at a user premisesis disclosed to provide and manage application services provided forendpoint devices associated with the gateway device. The gateway devicehas a first interface for enabling communications within the premises,with one or more associated endpoint devices within the premises. Thegateway device also has a second interface for enabling bi-directionalcommunications for the gateway device via a wide area network. Thegateway device further includes a processor coupled to the interfacesand storage coupled to the processor. The gateway device furthercomprises programming in the storage including a communications clientprogram for configuring the gateway to enable communications via theinterfaces, and to further enable client-server communications betweenthe gateway device and a remote communications server via the wide areanetwork using a presence and networking message protocol. Theprogramming in the storage also includes a driver program for at leastone associated endpoint device, the driver program enablingcommunications between the gateway device and the least one associatedendpoint device using at least one driver communications protocol,wherein the driver program enables the gateway device to control andmanage the at least one associated endpoint device using the at leastone driver communications protocol. The programming of the gatewaydevice includes application service programming for the applicationservices, wherein execution of the programming by the processor causesthe gateway device to provide functions, via one or both of theinterfaces, for each respective application service for one or more ofthe associated endpoint devices using the driver program and the atleast one driver communications protocol.

Execution of the programming by the processor causes the gateway deviceto provide enforcement regarding authorization, authentication,configuration, or use of the respective application service via theassociated endpoint devices. The execution of the programming by theprocessor also causes the gateway device to provide management of theapplication services based upon the communications with a servicemanagement center via the wide area network through the secondinterface.

The associated endpoint device is typically without communicationsprogramming for presence and networking communications. Thecommunications client program of the gateway device may provide presenceand networking communications for the driver program, wherein the driverprogram communicates with the associated endpoint device withoutprogramming for presence and networking communications via the at leastone driver communications protocol. The presence and networkingmessaging communications may also be provided between the gateway deviceand the associated endpoint device, the endpoint device havingcommunications programming for presence and networking communicationsvia the respective driver program for the associated endpoint device.The presence and networking messaging communications of the gatewaydevice may also be provided between the gateway device and theassociated endpoint device where the endpoint device has presence andnetworking communications programming.

The presence and networking message protocol used by the communicationsclient of the gateway device may comprise an instant messaging typeprotocol. Endpoint device having presence and networking communicationsprogramming may utilize an instant messaging type protocol forcommunications.

The programming of the gateway device may also enable the first orsecond interface of the gateway device to establish peer communicationsusing presence and networking message communications of theclient-server communications between the gateway device and the remoteserver via the wide area network.

Execution of the programming by the processor further causes the gatewaydevice to support one or more application service interfaces viadifferent endpoint devices using the associated driver program, withrespect to one or more application services provided through the gatewaydevice. One of the different application service interfaces is a userinterface for implementation via a personal computer type endpointdevice, a cell phone type endpoint device, a personal digital assistantendpoint device, a remote control type endpoint device, or a television,or any combination thereof. An alert message or status message may betransmitted from the gateway device using the driver communicationsprotocol to the personal computer, cell phone, personal digitalassistant, remote control, or the television for display in the userinterface, or overlaid onto or inserted into a display of thetelevision, cell phone, personal digital assistant, remote control, orpersonal computer. An alert message or status message also may betransmitted from the associated endpoint device via the gateway deviceusing the driver communications protocol to the personal computer, cellphone, personal digital assistant, remote control, or the television fordisplay in the user interface, or overlaid onto or inserted into adisplay of the television, cell phone, personal digital assistant,remote control, or personal computer. The user interface, enabled by thedriver program and driver communications protocol, enables a user todetermine status, change a configuration, view an event log, or anycombination thereof for the associated endpoint device.

The exemplary gateway device may further include programming in thestorage that has configuration data for management, responses, andinteractions with an associated endpoint device in response to aclient-server communication between the gateway and the remotecommunications server via the wide area network using the presence andnetworking message protocol. The configuration data may be received bythe gateway device from a service management center via the wide areanetwork through the second interface of the gateway device. Theconfiguration data also may be received by the gateway device from auser via the first interface, second interface, or the first and secondinterfaces. The configuration data and the driver program may alsoprovide a list of functionalities and status of the respective endpointdevices to the communications client program for use with client-servercommunications with the remote communications server via the wide areanetwork.

The programming on the storage of the exemplary gateway device mayinclude configuration data for parameters of access, control,presentation notification and service for each associated endpointdevice.

The exemplary gateway device may be comprised of service logic, whereinthe service logic processes communications received by thecommunications client for an associated endpoint device via the driverprogram.

In addition, the communications client of the exemplary gateway devicemay enable client-server communications with a public communicationsserver or a private communications server via the first or secondinterfaces. The remote communications server may be a presence andnetworking message server or a service management center.

The driver program of the gateway device may enable communicationbetween a first associated endpoint device and a second associatedendpoint device via the at least one driver communications protocol. Thefirst associated endpoint device may transmit an alert message or statusmessage to the second associated endpoint device via the at least onedriver communications protocol. The configuration data of the gatewaydevice may provide a list of functionalities and status of the firstassociated endpoint device to the second associated endpoint device viathe at least one driver communications protocol.

The communications client programming of the gateway device that enablesclient-server communications with a remote communications server via thewide area network may further enable communication with a second gatewaydevice via the remote communications server. The communications clientprogramming of the gateway device may receive wide area network addressinformation via the remote communications server from the second gatewaydevice, such that the received network address information enables thegateway device to establish peer to peer communication between thegateway device and the second gateway device. The gateway device maytransmit a list of functionalities to the second gateway device via thepeer to peer communications between the gateway device and the secondgateway device. The list of functionalities transmitted may be basedupon the associated endpoint devices of the gateway device. The list offunctionalities of the associated endpoint device transmitted may alsobe based on configuration data for each associated endpoint devicelocated in the programming in the storage of the gateway device.

In addition, a first endpoint device associated with the gateway devicemay be a remote control. The gateway device may be enabled to receive asignal from the remote control via the driver communications protocol ofthe driver program, wherein the gateway device may control and managethe second associated endpoint device via the driver program based onthe received signal from the remote control.

The disclosure also encompasses program products for implementinggateways of the type outlined above. In such a product, the programmingis embodied in or carried on a machine-readable medium. For example, thedetailed description discloses an exemplary product comprising amachine-readable medium and programming embodied in the medium forgateway device for operation at a user premises to provide and manageapplication services provided for endpoint devices associated with thegateway device. The gateway device has a first interface for enablingcommunications within the premises, with one or more associated endpointdevices within the premises. The gateway device also has a secondinterface for enabling bi-directional communications for the gatewaydevice via a wide area network. The gateway has a processor coupled tothe interfaces, wherein the programming is executable by the processor.The programming includes a communications client program for configuringthe gateway to enable communications via the interfaces, and to furtherenable client-server communications between the gateway device and aremote communications server via the wide area network using a presenceand networking message protocol. The programming also includes a driverprogram for at least one associated endpoint device, the driver programenabling communications between the gateway device and the least oneassociated endpoint device using at least one driver communicationsprotocol, wherein the driver program enables the gateway device tocontrol and manage the at least one associated endpoint device using theat least one driver communications protocol. The programming alsoincludes application service programming for the application services,wherein execution of the programming by the processor causes the gatewaydevice to provide functions, via one or both of the interfaces, for eachrespective application service for one or more of the associatedendpoint devices using the driver program and the at least one drivercommunications protocol.

The detailed description discloses an exemplary system to provide andmanage application services for endpoint devices. The system includes agateway device for operation at a user premises to provide and manageapplication services provided for endpoint devices associated with thegateway device. The gateway device has a first interface for enablingcommunications within the premises, with one or more associated endpointdevices within the premises. The gateway device also has a secondinterface for enabling bi-directional communications for the gatewaydevice via a wide area network. In addition, the gateway device includesa processor coupled to the interfaces, storage coupled to the processor,and programming in the storage. The programming includes acommunications client program for configuring the gateway to enablecommunications via the interfaces, and to further enable client-servercommunications between the gateway device and a remote communicationsserver via the wide area network using a presence and networking messageprotocol. The programming also includes a driver program for at leastone associated endpoint device, the driver program enablingcommunications between the gateway device and the least one associatedendpoint device using at least one driver communications protocol,wherein the driver program enables the gateway device to control andmanage the at least one associated endpoint device using the at leastone driver communications protocol. The programming further includesapplication service programming for the application services, whereinexecution of the programming by the processor causes the gateway deviceto provide functions, via one or both of the interfaces, for eachrespective application service for one or more of the associatedendpoint devices using the driver program and the at least one drivercommunications protocol. The system also includes a service managementsystem coupled to the wide area network for communication with thegateway device, for remotely managing the delivery of the applicationservices via the gateway device.

The service management center of the system may include the remotecommunications server. Alternatively, the remote communications servermay be separate from the service management center. In eitheraforementioned arrangement, the remote communications server may be apublic communications server or a private communications server.

Additional advantages and novel features will be set forth in part inthe description which follows, and in part will become apparent to thoseskilled in the art upon examination of the following and theaccompanying drawings or may be learned by production or operation ofthe examples. The advantages of the present teachings may be realizedand attained by practice or use of various aspects of the methodologies,instrumentalities and combinations set forth in the detailed examplesdiscussed below.

BRIEF DESCRIPTION OF THE DRAWINGS

The drawing figures depict one or more implementations in accord withthe present teachings, by way of example only, not by way of limitation.In the figures, like reference numerals refer to the same or similarelements.

FIG. 1 is a layered logical block diagram with arrows representing stepsof a sample logical flow, for an application client to access a specificmanaged application service, in a gateway device-service managementcenter type network configuration.

FIG. 2 is a network diagram depicting a gateway device, a presence andnetworking message communication server, a service management center,and endpoint devices.

FIG. 3 depicts the managed application services delivery platform.

FIG. 4 is a network diagram, depicting a gateway device, endpointdevices at the user premises, one or more wide area networks and aservice management center.

FIGS. 5A-5D depict the software and hardware architectures of themulti-services applications gateway device.

FIG. 6 depicts the networked operations services support infrastructureof a network implementation of the service management center, fordelivering service capabilities to the multi-services applicationsgateway device of FIG. 4 .

FIG. 7 depicts a flow diagram for an Application Network Gateway (ANG)establishing a connection and updating its associated information withan Application Services Provider.

FIG. 8 depicts a flow diagram of the Application Network Gateway (ANG)updating the Application Services Provider's information after the ANGhas experienced a network address change.

FIG. 9 depicts a flow diagram of two Application Network Gateways(ANGs), as managed by the Application Service Provider, communicatingtheir attributes to one another.

FIG. 10 depicts a flow diagram of two Application Network Gateways(ANGs) establishing a peer to peer connection between on another.

FIG. 11 is a home automation control network depicting a gateway device,a home automation control node and associated devices, TV and PC displaydevices, and a presence and networking message protocol client.

FIG. 12 depicts an exemplary user interface showing a generated list ofdevices connected to the gateway and their current status.

DETAILED DESCRIPTION

In the following detailed description, numerous specific details are setforth by way of examples in order to provide a thorough understanding ofthe relevant teachings. However, it should be apparent to those skilledin the art that the present teachings may be practiced without suchdetails. In other instances, well known methods, procedures, components,and circuitry have been described at a relatively high-level, withoutdetail, in order to avoid unnecessarily obscuring aspects of the presentteachings.

The various technologies disclosed herein provide application servicelogic in a gateway device in the customer premises. The gateway may beenabled with client programming to facilitate client-servercommunications using a presence and networking message protocol. Theapplication service logic of the gateway device may have programming forproviding application services and to facilitate communications with theclient programming, as well as configuration data. The applicationservice logic also serves as an intermediary between the clientprogramming and associated endpoint devices coupled to the gatewaydevice. One or more driver programs enable communications between theendpoint devices and the service logic. The driver program communicateswith each device using a proprietary communication protocol.

The driver program may also enable associated endpoint devices tocommunicate with one another.

As directed by the configuration data of the service logic, which isestablished by a service subscriber (i.e., user) or service provider,the presence and/or various functions of an endpoint device may beprovided to local or remote servers, or other devices. The configurationdata of the service logic may also provide guidelines for an endpointdevice providing status updates, notices, or other messages toparticular users and/or particular display devices.

The gateway device is also implemented in such a manner as to offer itsuser many of the applications services from the user premises. Asfurther described below, these application services comprise, by way ofexample, programming to simplify support services in the digital homeincluding one or more of: media delivery, content management, accesscontrol and use tracking, file sharing, and protection and back-upservices of both Internet/Web-generated digital media content and usergenerated digital media content. The gateway device is programmed tosimplify various aspects of managing the emerging home/business digitalnetworks including the myriad of interconnected digital endpoint devicesassociated with the gateway device. It is important to note that theendpoint devices need not reside within, or be located at, the premisesto maintain their association with the gateway device. The applicationservices offered via the gateway device may be managed by the servicemanagement center.

The gateway device and the system architecture effectively place a setof application services on a tightly coupled (e.g. always-on oralways-available basis), secure hardware platform that is externallymanaged by the service management center. The gateway device comprisesapplication services programming, and associated hardware, that ispositioned on the user premises side of the Network Service ProviderDemarcation, which is configured to be managed by an external servicemanagement center.

Reference now is made in detail to the examples illustrated in theaccompanying drawings and discussed below. FIG. 1 is a high-leveldiagram of the architecture of the gateway-service management centernetwork as disclosed herein, as well as the logical flow of how aspecific Application Client residing at a User Premises could interactwith an Application Service in a gateway device that is being managed inthe gateway-service management center network configuration. FIG. 1shows application services that logically reside at the ApplicationServices Layer (AS Layer) in the User Premises Network, i.e., on thehardware components located in the user premises, such as, by example, agateway device. In particular, the programming that implementsapplication services is logically positioned on the user premises sideof the Network Service Provider Demarcation. The application service onthe user premises side that enforces authorization, authentication,configuration, or use of the respective service via an endpoint deviceis logically depicted in FIG. 1 as the Application Services Enforcement(ASE) module in the AS Layer of the User Premises Network. The ASEmodule may also communicate via the wide area network with theApplication Services Management (ASM) logic residing in the servicemanagement center.

FIG. 1 depicts an approach in which the Application Services Logic (ASL)and the ASE functions reside on the User Premises side. As discussedmore below, the ASL and the ASE functions are implemented as high-levelserver type logic within a home gateway device at a user premises. Otherelements shown in FIG. 1 that may reside in the user premises gatewaydevice include the user premises-side network function or NF (switch,router or bridge) and the LAN termination for communication with theendpoint devices implementing the application client functions. Thus,with reference to FIG. 1 , the first interface, as described above, forenabling bi-directional network layer communications on the user's sideof the premises with one or more of the associated endpoint devicesresides at the Network Interconnect (NI) Layer and provides the LAN(Local Area Network) Termination referenced therein. FIG. 1 also depictsthe WAN (Wide Area Network) termination providing connectivity to thewide area network (network-side NF—Internet or private wide area datanetwork). The gateway device's second interface, as described above, forenabling bi-directional network layer communications for the associatedendpoint devices via a wide area network resides at the NI Layer andprovides the WAN Termination referenced therein. The gateway device'ssecond interface also enables bi-directional communications between itand the service management center via the WAN.

With reference to FIG. 1 , the core of the logical capacities of theservice management center resides on the Service Provider Network, andis depicted as the Application Service Management (ASM) portion of theApplication Service Delivery Platform (ASD) in the AS Layer. The ASMfunction is implemented in the service management center, which isexternal to the user premises, and on the network side of thedemarcation line in FIG. 1 . The ASL and ASE functions maintain logicalconnectivity or interaction with the Application Service Management(ASM) function in the service management center, typically viacommunication through a wide area network. This logical connectivity isestablished through an always-on (or on an as needed, periodic basis),secure communication channel between the User Premises AS Layer (ASL andASE) and the Service Provider AS Layer (ASM) at the service managementcenter. The service management center and the communications of thecenter with one or more of the gateway devices provides aninfrastructure support and/or management of the application servicesoffered to endpoint devices and their users by the logic implemented inthe gateway device(s). Effectively, the ASD, considered in its entirety,extends all the way to the User Premises and traverses the Network andNetwork Service Provider Demarcation. The secure communications channelis established through the NF Layer and the NI layer.

The examples discussed herein also introduce a logical platformmanagement layer to the user premises-side, which allows for inter-layerallocation of local resources. This function guarantees access betweenthe Application Service Logic function on the user premises network andthe applications service management function in the service managementcenter by assuring that the local user premises hardware and softwaremodules are functioning at a required state (CPU and memory usage,bandwidth usage, QoS settings, etc.) in order for the ASL to have thenecessary resources to establish its required communications path to theASM.

The platform manager is also responsible for implementing that part ofthe managed application services to be performed by the gateway device.In that regard, the platform manager secures and manages the overallhardware platform, given that in this scenario, the NF layer and the ASlayer reside on one hardware platform. This secure hardware platformprovides a robust and secure operating environment for the AS Layer. So,to establish a secure and robust hardware operating environment, theplatform manager must interface with all the layers above it and allowfor bi-directional management information flow among all of thefunctions. For example, if the Application Client is a telephonyapplication and the desired application is call processing, theapplication must first connect to the LAN termination interface (1).Then a connection must be established to the AS Layer through the NFlayer (2). At this point the platform manager determines if there aresufficient resources available for this to take place on the routing andswitching modules and if there is not sufficient resources on either theLAN Termination interface or the NF layer functions, it would take thenecessary corrective measure to free up the required resources so thatthe application can execute properly (e.g. prioritize packets, throttlebandwidth, attempt to reduce noise on an RF interface, or free up timeslices on a TDMA interface such as MoCA). Once that is done, theconnection is established to the AS Layer (3), where the ASE and ASL,having been updated by the ASM in the network, respond instantaneouslyto the Application Client, completing the service request.

Application services represent functionalities, implemented in thehigher layer(s) of the protocol or logical stack above the networklayer(s) that may extend up to the top application layer (layer 7 of theOSI model). An application service, for example, provides applicationserver communication with a client functionality of one or more endpointdevices, for the respective service, communicated on top of networklayer communications through the interfaces. In the examples, theservices are provided on a subscription service basis to users at thepremises. Hence, the application service logic provides enforcementregarding authorization, authentication, configuration, and/or use ofthe respective service via the endpoint devices. The application serviceincludes service and feature functions, implemented and controlled bythe application service logic. Management of the application service isbased on communications with the service management center via the widearea network.

The illustrated architecture of the gateway device-service managementcenter network enables other features and capabilities that have notpreviously been available to the user. For instance, peer-to-peerapplication communication between or among gateways is possible withoutthe need to go through, or utilize resources at, an external servicemanagement center or presence and networking message server.Communications through the service management center are also possible.In addition, given the considerable functionality present in the gatewaydevice, and its ability to manage the various endpoint devicesassociated with it (as explained below), the user interface with thegateway can be presented and utilized on the home TV. Additionally,information from other endpoint devices, such as the PC, network sources(such as an RSS (Really Simple Syndication) service), may now beoverlaid on the TV screen so that, for example, PC messages, or weatherinformation, can be viewed on the TV screen, and the functionality ofthe PC (or other home-networked endpoint devices) can be accessed fromthe TV screen. As described below in connection with FIG. 2 , gatewaydevice 10 may direct alerts, notifications, and messages from associatedendpoint devices to users and display them on one or more devices asspecified by subscribers or service providers in configuration datastored by the gateway device.

Gateway Device, IM Server, and Service Management Center Architecture

As illustrated in FIG. 2 , gateway device 10 may be configured with apresence and networking message protocol client (e.g., IM client 610)that may communicate with a local or remote server (e.g., IM server 99c, which may be part of IM networks 99 a and/or 99 b as described below,or service management center 50). With IM client 610, gateway device 10may be configured as an 1M endpoint so as to expose one or moreresources of associated endpoint devices (e.g., devices 560, 570, 580,etc.), and/or the presence of the associated endpoint devicesthemselves, under the management of gateway device 10. The management bygateway device 10 of the one or more associated endpoint devices (e.g.,devices 560, 570, 580, etc.) may include, for example, the routing ofnotification messages from the associated endpoint devices to users 590or service providers 50 b, and file sharing among the endpoint devices.Preferably, gateway device 10 does not extend the presence andnetworking message protocol functionality of IM client 610 to theassociated endpoint devices (e.g., devices 560, 570, 580, etc.).

As shown in FIG. 2 , gateway device 10 may be configured with servicelogic 500, which acts as an intermediary between the IM client 610 andthe drivers for the endpoint devices. Application service logic mayinclude programming 510 that interacts with drivers for devices, andconfiguration data 520. Drivers (e.g., driver 530, driver 540, driver550) may be configured to control and manage the various endpointdevices associated with gateway device 10. For example, driver 530, 540,and 550 may manage devices 560, 570, and 580, respectively. Although notshown in FIG. 2 , one driver may manage more that one device. Endpointdevices, such as endpoint devices 560, 570, and 580, may include anydigitally-enabled device. Additionally, drivers may enablecommunications between endpoint devices associated with the gateway, asdiscussed in further detail below.

IM client 610 of gateway device 10 may interact with the driverassociated with the endpoint device through the implemented applicationservice logic 500. Service logic 500 is configured to specify whichdevices, attributes, and operations are exposed to the IM server 99 cvia messages 670 with IM client 610. Through the service managementcenter 50, the service provider 50 b may also specify parameters ofoperation and presentation of application services provisioned by theservice provider (e.g., using provisioning server 50 a). The servicelogic 500, may include configuration data 520, which may be configuredby user 590 or the service provider 50 b to specify rules for handlingincoming IM messages (e.g., IM messages 670, which may be any suitablemessages using a presence and networking message protocol, such asInstant Messaging) to gateway device 10 and the routing of thosemessages to the appropriate managed endpoint device (e.g., endpointdevices 560, 570, 580, etc.) using one or more drivers (e.g., drivers530, 540, 550, etc.) associated with the endpoint device.

The intermediary service logic 500 in gateway device 10 may beconfigured by user 590 of gateway device 10 to establish the managementparameters of associated digital endpoint devices 560, 570, 580, etc.Configuration data 520 of service logic 500 may store the managementparameters for the one or more associated endpoint devices. Thus, localor remote IM users via IM server 99 c may interact with or manageendpoint devices associated with gateway device 10 that may not be notbe enabled with a presence and networking message protocol client (e.g.,IM client) protocol. Thus, service provider 50 b and user 590 mayconfigure the configuration data 520 of gateway device 10 so as tomanage the response of gateway device 10 to an IM event (e.g., IMmessage 670) by providing customized notification from associatedendpoint devices, as well as management and responses of, andinteraction with, associated endpoint devices.

IM client 610 enables gateway 10 to communicate with other externalentities through a local or remote IM server 99 c using a presence andnetworking message protocol (e.g., IM protocol). Preferably, IM client610 is the IM client presented to an external entity via IM server 99 c.Alternatively, one or more endpoint devices may be enabled with an IMclient and may be visible to IM server. IM client 610 of gateway device10 presents endpoint devices (e.g., devices 560, 570, 580, etc.) and/ordevice functionalities to external endpoint clients communicativelycoupled to IM server 99 c based upon configuration data 520 in servicelogic 500. For example, gateway device 10 with IM client 610 may bevisible to an external user, and the associated endpoint devices ofgateway device 10 may not be visible. In a preferred embodiment, IMclient 610 of gateway device 10 reveals associated endpoint devices itmanages based upon configuration data 520, and such that the endpointdevices and their respective functionalities are revealed as attributesand operations of IM client 610.

Associated with gateway device 10 are one or more endpoint devices(e.g., device 560, device 570, device 580, etc.). These devices do notneed to be enabled with presence and networking protocol clients (e.g.,IM clients) or function as IM-intelligent devices. Although such devicesmay have IM clients or function as IM-intelligent devices, theindividual devices and their associated functionalities are preferablynot presented directly to external clients. Rather, the presence andfunctionalities of these devices are represented by IM client 610 ofgateway device 10 as specified by configuration data 520. Alternatively,configuration data 520 may be configured by user 590 or service provider50 b so as to directly present the presence and/or functionality of anassociated IM-intelligent device.

As described herein, endpoint devices may become associated with, andconfigured to, gateway device 10. Each endpoint device has an associateddriver (e.g., driver 530, driver 540, driver 550, etc.) whichaccomplishes the association with, and configuration to, gateway device10. The driver communicates with the device (e.g., device 560, device570, device 580, etc.) directly using its own proprietary communicationprotocol. The driver abstracts the capabilities of the endpoint devicewith which it is associated to form a set of attributes and operationsfor that type of endpoint device. For example, digital photo frames mayhave the same kind of driver capabilities, but each digital photo framemay have its own particular driver implementation.

Intermediary service logic 500 of gateway device 10 uses the one or moredrivers (e.g., driver 530, driver 540, driver 550, etc.) to communicatewith the endpoint devices. The intermediary service logic 500 interactswith one or more drivers through, for example, a an applications programinterface (API). Thus, specific communication protocols either supportedby or utilized by each endpoint device need not reside in intermediaryservice logic 500, and may reside in the drivers. As discussed above andas illustrated in FIG. 2 , intermediary service logic 500 may bepositioned between the IM client 610 device drivers (e.g., drivers 530,540, 550, etc.). Once an endpoint device is detected by and configuredto gateway device 10, intermediary service logic 500 may enable user 590or the service provider 50 b to establish or revise configuration data520 to what extent, if any, the presence and/or functionalities of theendpoint devices are available via IM client 610 to external entities.Thus, user 590 may, for example, set parameters for access, control,presentation, notification and level of service for one or more endpointdevices. These parameter selections may be stored in configuration data520. For example, the user can decide who can view the endpoint devicesand the attributes and operations exposed to an IM external entity. Thisarrangement allows the IM client 610 to utilize the endpoint devices andfunctionalities, as well as and present these functionalities as part ofthe capabilities of gateway device 10 that may be exposed to an externalentity. From the perspective of the external entity or external IMserver (e.g., IM server 99 c), IM client 610 of gateway device 10appears as the sole endpoint, even though gateway device 10 to utilizethe capabilities provided by the associated endpoints.

Intermediary service logic 500 may enable user 590 of gateway device 10to define the notices and/or alerts provided by gateway device 10 inresponse to an IM event. User may specify various notificationprotocols, which may be stored as configuration data 520, that may beused to determine how gateway device 10 responds to an IM event. Forexample, user 590 may have the ability to establish, with configurationdata 520, whether notices may be displayed on certain associatedendpoint devices (e.g., a television, PC, personal digital assistant,cell phone, remote control, etc.) advising of an IM event or inviting aresponse to an IM event. User 590 may also specify in configuration data520 whether IM notices may be sent to an external entity with an IMclient in response to an IM event, whether the notice is informationalin nature and that actions in respect to an endpoint device areautomatically taken by gateway device 10, or whether a response to thenotice is required before any action will be taken. For example, noticesmay be displayed on the TV a particular room when a phone call isreceived providing the caller's identification and other relatedinformation. The notification protocol, as defined in configuration data520, may be programmed to display the notice for a predefined period oftime (e.g., ten seconds, one minute, etc.) on a television or otherdisplay device (e.g., cell phone, personal digital assistant, remotecontrol, PC, etc.). The notification protocol may require a response bywhich the call may be answered and the TV programming paused, or thecall is routed to a voice mail or other messaging storage. Thus,configuration data 520, as set by user 590 or service provider 50 b, mayenable gateway device 10 to have an plurality of different options forresponse to an IM event, depending on the nature of the event and theendpoint device indirectly involved. This differs from previousapproaches in which notification and messaging protocols are providedthrough a central IM service.

In an illustrative example, a TV, digital picture frame, and garage doormay be devices associated with and configured to gateway device 10.Application service logic 500 of gateway device 10 may be utilized byuser 590 to present to an external IM entity the following as theidentified resource:

-   -   Gateway device—Video        -   Digital Pictures    -   Garage Door.

In the above example, user 590 has made configuration selections, whichmay be represented by configuration data 520 such that intermediaryservice logic 500 may present the garage door, but not the TV or digitalpicture frame to external IM clients (i.e., IM clients other than IMclient 610). Instead, IM client 610 of gateway device 10 offered to thehome user environment by the TV or digital picture frame has beenpresented. Even though the Garage Door is listed as an endpoint and maybe IM-enabled, the external entity does not communicate with the GarageDoor directly. Rather, IM client 610 may control and communicate withthe Garage Door through the intermediary service logic 500.

The resources presented to an external IM entity may be dependent on theidentity of the IM entity. For example, a father and mother may bepresented with the Garage Door resource, but not their children or thoseon the roster or buddy list for the registered IM community. Otherrestrictions that user 590 may implement through the intermediaryservice logic 500 may allow IM external entities to view identity andstate of the endpoint device, but in a read-only attribute on the IMClient 610. Therefore, the configuration of configuration data 520 maydetermine the external entities that may directly interact with anyendpoint device, and the extent of that interaction. The interactionwith endpoint devices is governed and managed by the intermediaryservice logic 500 and associated configuration data 520.

Along with the resources presented, IM client 610 may presentcorresponding or associated capabilities and states. For example:

-   -   Gateway device        -   Video (available)        -   Digital Pictures (available)    -   Garage Door (open).

Intermediary service logic 500 may further enable user 590 to determinethe manner in which an event is handled by gateway device 10 and theassociated endpoints. In the preceding example, if an external entitysends a digital picture, gateway device 10 may be programmed to notifythe subscriber (e.g., user 590), through messages displayed, forexample, on the TV, the picture frame, or a cell phone, that a digitalpicture has been offered. The subscriber may elect which associated endpoint device to display the digital picture, e.g., the TV, the digitalpicture frame. Alternatively, gateway device 10 may be programmed todisplay the offered digital picture on a pre-selected endpoint device,such as the TV, upon receipt. The response to each event may beprogrammed (e.g., as part of configuration data 520) to be dependent onthe source of the event and/or request or the nature of it.

In another example, user 590 may decide not to present resources (e.g.,to IM server 99 c) via IM Client 610, but may configure the servicelogic to consider the type of incoming IM message (e.g., message 670)for routing to a particular device. For example, incoming file sharescould be routed to the digital picture frame without an IM externalentity being aware that the IM Client 610 has an associated pictureframe.

Gateway device 10 may have further programming (e.g., the API anddrivers as described above) that communicates with the endpoint devices(e.g., device 560, device 570, device 580, etc.). If the endpoint deviceis IM-enabled, the communication may be based on an IM protocol fromgateway device 10. Or, it may be based on an alternative communicationprotocol based on the capabilities of the endpoint device or theprogramming in service logic 500. Preferably, for IM-enabled end-pointdevices, the endpoint device does not communicate directly with theexternal entity, but does so through service logic 500 of gateway device10.

If the endpoint device is not IM-enabled, the communication may befacilitated by any appropriate communication protocol. In particular,the endpoint device may communicate its state through the associateddriver (e.g., driver 530, driver 540, driver 550, etc.) to theintermediary service logic 500. Intermediary service logic 500 mayexposes the state condition to, e.g., as an attribute of IM Client 610,if so configured to do so by user 590. The endpoint device is thus ableto communicate events to gateway device 10.

As described above, the notification protocol as selected or predefinedin configuration data 520 may enable IM client 610 of gateway device 10to determine the recipient (e.g., an IM external entity or anotherassociated endpoint device) of messages or notification. The messagesand/or notifications may be endpoint device state notices and messagesgenerated by IM Client 610 in response to IM events. This determinationcan be made by reference to a “roster” created by user in accordancewith programming selections available by the intermediary service logic500 (wherein the selections may be stored as configuration data 520).The roster may particularized based on event or endpoint device, and mayvary depending on the type of event associated with designated end-pointdevices. IM client 610 may automatically inform particular end-pointdevices and/or IM external entities of state changes of other end-pointdevices or of IM events or messages received from IM external entities.Because IM external entities may include other gateway devices, which inturn have their own associated end-point devices, it is possible thatthe programming choices may, in response to state changes in oneendpoint device associated with gateway device 10, automatically triggeror effect state changes in other gateway device and/or endpoint devicesassociated with other gateway devices.

The gateway device 10, IM server 99 c, and service management center 50illustrated in FIG. 2 may be used in the context of a home managementsystem. A more specific example of a home management system is describedbelow in connection with FIG. 11 , which illustrates a home automationcontrol network. Turning to FIG. 2 , the received event (e.g., message670) may be a state notice from the garage door (e.g., device 560, 570or 580, etc.) to the gateway device 10 (via a driver program) that it isopen. Gateway device 10 may determine the user and device associatedwith the user that should receive the state notice (e.g., as directed byconfiguration data 520). For example, while several cell phones (family,friends, etc.) on an IM Roster associated with the gateway device 10,the programming of intermediary service logic 500 gateway device 10 maydirect IM client 610 to communicate only to e.g., a mother and father'scell phones regarding the garage door state. The mother may respond bydirecting the garage door be closed. IM client 610 of gateway device 10may receive the event (e.g., message 670 with the instruction to closethe door), and intermediary application service logic 500 determines ifthe event is to be processed and implemented. Having verified the event,the instruction is implemented through driver and/or API resident ongateway device 10. The door is closed, and the drivers receive stateinformation. The state information may be shared with the intermediaryapplication service logic 500, which determines if the state informationis to be communicated, based on configuration data 520. If it is to becommunicated, service logic 500 determines which associated externalentities are to receive that state notice (e.g., cell phones for themother and father of a family).

An event (e.g., message 670 as an incoming file, instruction, statenotice, etc.) arriving at the 1M client 610 of the gateway device 10,whether received from an associated endpoint device or from an externalentity (e.g., IM server 99 c), is handled and processed by intermediaryapplication service logic 500 of gateway device 10 according to theconfiguration and programming choices made by user 590 (stored inconfiguration data 520). User 590 may determine which of the entitiesare notified of the event, how they are notified of the event, and therange of responses available to the entity and the endpoint device.

Thus, in the arrangement illustrated in FIG. 2 , the external entity orexternal IM server (e.g., IM server 99 c) registers IM client 610 ofgateway device 10, and associated endpoint devices are not visible fromthe standpoint of IM server 99 c or other external entity. Although, thefunctionalities of one or more endpoint devices may be selected to beavailable to IM server 99 c or other external entity. From thestandpoint of user 590, gateway device 10 may be enabled to manage andcontrol one or more associated endpoint devices, and utilize them inresponse to events, according to programming or programming selectionsmade by the user 590 (and stored, e.g., as configuration data 520).

Gateway device 10 may also be managed by service management center 50.Thus, IM client 610 of gateway device 10 and associated applicationservice logic 500 may be provisioned and governed by the serviceprovider 50 b through service management center 50. This arrangement mayenable service provider 50 b to set the parameters for access, control,presentation, and level of service which may be stored in configurationdata 520, with user 590 able to make programming and service choiceswithin the parameters set by the service provider 50 b. The variousservices available through the gateway device 10 (e.g., home automation,file sharing, video download), and the features or capabilities withineach of those services, may be provisioned, configured, managed,initiated, or terminated through service management center 50. Thus, IMClient 610 may be managed externally to provide different levels andtypes of services and capabilities.

Note that the external IM Server 99 c illustrated in FIG. 2 can bepublic (e.g., an IM server operated by Yahoo®, Google®, MSN®, etc.) orprivate. In one particular embodiment, service management center 50 maybe configured to serve as an external but private IM server. Thiscapability is in addition to the management, servicing and provisioningcapabilities (e.g., as with provisioning server 50 a of servicemanagement center 50) described above. Thus, the architecture of thesystem illustrated in FIG. 2 may be configured to enable an establishedpublic IM service to provide presence and networking functions togateway device 10, or it can be configured to have the servicemanagement center 50 configured to be a private external IM server.Thus, the communication between gateway device 10 and service managementcenter 50, may provide a private, proprietary, and closed presence andnetworking message communication system. In addition, the IMclient-server communication link, whether public or private, may beoperated in a secure manner. When service management center 50 isenabled as a private external IM Server, the IM client servercommunications between service management center 50 and gateway device10 may be private and secure.

Communication Amongst Endpoint Devices Via the Gateway Device

Gateway device 10 may facilitate communication between various digitalendpoint devices (e.g., devices 560, 570, 580, etc.) associated withgateway device 10 using drivers (e.g., drivers 530, 540, 550, etc.) andservice logic 500.

For example, device 560 may be a remote control, device 570 may be atelevision, and device 580 may be a garage door. A user may use theremote control to make selections of video content for display on thetelevision. A remote control receiver may be communicatively connectedto gateway device 10, wherein the receiver has an associated driverprogram (e.g., driver 530). The driver may process the received signalfrom the remote, as the communication between the device and the drivermay utilize a driver communications protocol. The driver may transmitthe processed remote signal to programming 510 of service logic 500 toenable the remote to communicate with the television. Programming 510may determine which endpoint device may receive the processed remotesignal, as well as determine the application or service that the signalis requesting from the determined endpoint device. For example, thesignal from the remote may be to direct the television to change thechannel. Service logic 500 provides the request from the remote to thedriver for the associated television. The driver for the televisioncommunicates the request from service logic 500 (which was originallyfrom the remote) to the television using a driver communication protocolthat may be specific for communications between the driver and thetelevision. Upon receipt of the request as facilitated by the driver,the television may change the channel as the user had indicated.

Similarly, the garage door (e.g., device 580 as in the example above)may send a notification that the door is open. The notification may betransmitted to the driver (e.g., driver 550 of gateway device 10) usinga driver communication protocol. The driver may transmit thenotification to programming 510 of service logic 500. Usingconfiguration data 520, programming 510 may determine which endpointdevice to direct notification messages from the garage. For example, theconfiguration data may provide instructions that notification messagesshould be directed to the television (e.g., device 570). Programming 510directs the notification message to the driver program (e.g., driver540) associated with the television (e.g., device 570). The driverprogram uses a driver communication protocol to transmit thenotification message to the television for display. The televisionreceives the communication from the driver program and presents thenotification message for display.

Using the remote control, a user may respond to the notification messageby selecting a option to change the status of the garage door (e.g.,either from a selection offered by the notification message displayed orby selecting a menu option with the remote). Thus, the remote mayprovide a signal to the remote control receiver that is communicativelyconnected to gateway device 10, wherein the receiver has an associateddriver program (e.g., driver 530). The driver may process the receivedsignal from the remote, as the communication between the device and thedriver may utilize a driver communications protocol. The driver maytransmit the processed remote signal to programming 510 of service logic500 to enable the remote to communicate with the garage door via, e.g.,driver 550. Driver 550 may utilize a driver communications protocol tocommunicate to the garage door the command to close the door. Uponreceipt of the command via the driver communications protocol, thegarage door (e.g., device 580) may close.

A notification message may be sent from the garage door to driver 550via the driver communications protocol that the door has been closed.Driver 550 may provide the message to programming 510, which, in turn,may provide the message to driver 540. This routing of the message maybe, for example, based at least in part on configuration data 520.Driver 540 may transmit the message to the television (e.g., device 570)via the driver communication protocol for display. Thus, the user may beupdated as to the change in status of the garage door (i.e., status hasbeen changed from open to closed).

In addition, the remote control (e.g., device 560) may be enabled tofacilitate two-way communication between the remote control and gatewaydevice 10 via a driver communication protocol and a driver (e.g., driver530). To enable this communication, the remote control may be configuredwith a display that presents alarm, status, and/or notificationmessages, or any other information to a user. The remote and itsassociated display may be configured to present a menu to the user forselecting options to display the status of endpoint devices associatedwith gateway device 10, and enable the user to change the status of theassociated devices by providing selections.

A user may determine which messages are to be routed to the remotecontrol by gateway device 10, as well as determine which endpointdevices associated with gateway device 10 may be controlled by theremote by setting various device and messaging parameters inconfiguration data 520 of gateway device 10.

Turning to the example above, the remote control may provide a signal togateway device 10 to close the associated garage door endpoint device,and may also receive a notification message from the garage door viagateway device 10 that the door has been closed. This notificationmessage may be, for example, presented on the display of the remote. Inanother example, a user may be notified of the phone number of anincoming phone call, which may be displayed on the remote control'sdisplay.

Gateway device 10, in conjunction with service management center 50, maydeliver application services to associated endpoint devices, asdescribed further in connection with FIG. 3 .

Managed Application Services Delivery Platform

FIG. 3 depicts, at the Physical/Network layer shown therein, an exampleof user premises hardware components required for delivering dataservices (i.e. Internet connectivity) along with a separate,non-integrated managed hardware used in delivering a set of managedapplication services (i.e. IP telephony). The Network Service ProviderWide Area Network Termination Apparatus (NSP-TA) allows for a typicaltermination of Wide Area Network Services, such as DSL, Cable, Fiber,etc, by a network services provider. The NSP-TA provides the WANTermination in the NI Layer (FIG. 1 ). The NSP-TA may be an existinguser-premises device, provided by the carrier supplying network servicesto the premises. FIG. 2 also depicts the Network Service ProviderDemarcation at the hardware level.

If configured as a standalone device, the NSP-TA device is required tohave its own CPU, Memory, physical interfaces and logic control. Inorder for Network Service Providers to deliver managed services, theytypically require a management element controlled by the CPU on theNSP-TA. To depict these logical elements residing on the hardwarecomponents, FIG. 3 includes an Application/Services Layer above thehardware layer. This layer corresponds to the AS Layer of FIG. 1 , butwithout reference to any logical elements residing at the networkservices provider. The management element, represented by the NetworkService Provider Managed Application, allows the network serviceprovider to determine the status of the network hardware device andinterfaces as well as maintain a certain degree of security enforcementat the customer premises. As noted, the network service functionality isat the NI and NF Layers and generally does not extend to the AS Layer(s)beyond basic authentication authorization and state management. As withthe hardware components, the logical elements also have a NetworkService Provider Demarcation as shown in FIG. 3 . On the WAN side,depicted as the Network Service Provider Managed Applications side, ofthe Network Service Provider Demarcation, resides the applications thatare managed, and under the exclusive control, of the network serviceprovider (the Network Service Provider Logic). The User Interface toManaged Applications is present on the LAN side of the Network ServiceProvider Demarcation within the Application/Services Layer. Within thisinterface resides programming and logic available to users other thanthe network service provider referred to as the Network User ControlledLogic. The Network User Controlled Logic, which is depicted at theApplication/Services Layer in FIG. 3 , provides a user interface to theNetwork Service Provider Logic and, to the extent permitted by theNetwork Service Provider Logic, interaction with or communicationbetween the user and network service provider through the Network UserControlled Logic and the Network Service Provider Logic, and to theNSP-TA hardware components. The Network User Controlled Logic allows forthe User of the hardware to make certain, minimal programming changesrelevant to their preferences (e.g., user name and password changes,local IP addresses changes, local interface selection). All user devicestypically can only communicate with the NSP-TA through one or more ofthe User Premises Network Interfaces. The user can modify the NetworkUser Controlled Logic through the User Premises Network Interface. TheNetwork Service Provider Demarcation is typically within the NSP-TA,logically dividing the Network Service Provider Interface and the UserPremises Network Interface modules. The network service provider doesnot have any in depth visibility or significant responsibility beyondthe Network Service Provider Demarcation.

The User Network and Application Delivery Apparatus (UNA-DA), shown onthe right hand side of FIG. 3 , is a separate managed gateway devicethat a managed service provider (which may be different than the networkservice provider) would control in delivering a set of applicationservices to the user premises. This device is required to have its owndedicated CPU, memory, logic control, as well as its own dedicated setof interfaces. The UNA-DA includes one or more Network Interfacesproviding connectivity to the NSP-TA as well as to user premisesendpoint devices. The interfaces provide the LAN Terminationfunctionality at the NI Layer (FIG. 1 ). One skilled in the art willreadily recognize, however, that the physical connection that connectsthe UNA-DA to the NSP-TA also provides connectivity for the UNA-DA tothe public (WAN side) network, and is the means by which the UNA-DAaccesses the public network. The end point devices connected to the LANInterface are on the private (LAN) side of that interface. The UNA-DAalso includes a switch, router or bridge for the NF Layer.

Programming elements of the UNA-DA are depicted at theApplication/Services Layer of the UNA-DA. Certain logical elements,depicted as the Application Service Provider Managed Applications andPlatform in FIG. 3 , on which resides, inter alia, the programmingcorresponding to the ASL and ASE of FIG. 1 , are managed by the managedapplication service provider's network control center, e.g. by the ASMthrough a wide area network (WAN) by means of a control channel to theApplication Service Provider Managed Applications and Platform. TheApplication Service Provider Managed Applications and Platform includesa platform management logic module that, with other programming in thePlatform and the ASM, allows the managed application service provider tocontrol the hardware elements of the UNA-DA in addition to any otherrelevant application services logic or hardware that may reside on theuser premises. For example, this programming enables managed applicationservice provider to control and manage the hardware elements on theUNA-DA to ensure proper use and allocation of the UNA-DA's processing,memory, storage, and bandwidth, to monitor local hardware security andgenerate needed alarms or protection sequences, and to prioritizeapplications based on a set of established policies. The user would havecontrol over specific parameters of the UNA-DA through the UserInterface and Platform to Managed Applications (User Controlled Logic)shown in FIG. 3 . These parameters allow the user to control the localbehavior of the interfaces and to configure the specific applications toaccommodate the user network as configured by the user and to implementthe user preferences for those applications.

To identify the separation of, and distinguish between, the programmingand hardware components subject to control by the managed serviceprovider and those subject to control by the user premises, FIG. 3identifies a dividing line across the logical elements of the UNA-DA,and a corresponding dividing line across hardware components, referredto as the Applications Service Provider Demarcation. The ApplicationsService Provider Demarcation is flexible in that it may extend logicallythrough the Application Services Interface (and, in a hardware context,through the Network Interface) to other devices that are under thelogical control of the Application Services Provider ManagedApplications and Platform, given that “services” are not restricted to aspecific hardware boundary.

There is no hard requirement for cross management between the UNDA-DAand the NSP-TA. Under this first scenario the user is responsible formaking the configuration changes in the specific user controlled logicmodules in order to get the two devices to communicate with each other.Optionally the two sub-systems can be combined together, eitherphysically in one hardware device, or logically as two separate hardwaredevices, but having one user managed interface.

The two hardware regimes described above (NSP-TA and the UNA-DA) may becombined into one managed hardware platform and, thereby, replace theneed for the user to have access to the User Premises Network Interfacewith the logic residing in the Platform Management logic module of theApplication Service Provider Managed Applications and Platform. Thiswould in effect replace the “user” access with a managed “machine”access, for aspects of the NSP-TA, as well as aspects of the applicationservices offered through the UNA-DA. Thus, the combination creates anintegral gateway device providing both network service and applicationservices, under centralized management. Although integrated, networkinterconnect functions of the NSP-TA may still be managed by the networkservice provider, as in the example of FIG. 3 . Those skilled in the artwill readily see additional combinations and configurations for thehardware comprising the NSP-TA and the UNA-DA. For example, in a furtherembodiment, all the hardware dedicated to the Network Service ProviderInterface may reside and be integral with the hardware comprising theUNA-DA. Thus, the hardware for the WAN interface may reside on theUNA-DA.

It may be helpful now to consider more detailed examples of the gatewaydevice-service management center network.

Gateway Device and Service Management Center Elements

Those skilled in the art will recognize that functions of the servicemanagement center, which reside in the Application Service Managementnode on the Service Provider Network, as depicted in FIG. 1 , may beimplemented in a variety of different ways, on one or more computerhardware platforms connected to the gateway devices via a wide areanetwork. FIG. 3 depicts an example wherein the implementation is onInternet or other wide area IP network 99. The example uses adistributed processing approach, in which the elements/platformsimplementing the service management center are interconnected forcommunication and for wide area communication, and in this way, thoseelements form a network 50 for implementing the service managementcenter.

As shown in FIG. 4 , the service management center network, through thelogical capabilities earlier depicted in FIG. 1 as the ASM module of theASD Platform at the AS Layer, manages application services for a numberof gateway devices 10, 10 ₁ . . . 10 _(n) located at various users'premises. These application services, shown as ASL and ASE in FIG. 1 ,implement their functionality within the Application Services Layer(FIG. 1 ), through programming that resides, at least in part, withinthe Application Service Provider Managed Applications and Platform ofthe UNA-DA (FIG. 3 ). As shown in FIG. 3 , secure connectivity to theservice management center network 50 is provided, in one embodiment, viaa WAN Termination interface, such as Ethernet WAN 53 over a broadbandconnection via the public Internet 99, or, for example, via a wirelessEvDO (Evolution Data Optimized) Internet data interface embodied as aPCMCIA (personal computer memory) wireless card 56. When the WANTermination interface 53 is used, for example, it may provideconnectivity to a broadband modem serving as the NSP-TA of FIG. 3 ,either as a separate unit or on a board included within the gatewaydevice 10. If the wireless WAN interface is used, there may be nophysical NSP-TA device, and the logic of the gateway device wouldimplement functions of the NSP-TA as well.

As will be described in greater detail herein below, the servicemanagement center 50 generally provides a communications and processinginfrastructure for supporting the variety of application services andrelated communications residing at the gateway devices 10, 10 ₁ . . . 10_(n). In an exemplary embodiment, this infrastructure may be configuredto provide a secure environment and may be IP-based. Preferably, thissupport architecture is designed for high availability, redundancy, andcost-effective scaling.

The secure platform for building and providing multiple applicationservices for digital endpoints associated with a gateway device requiresconnectivity between the gateway device 10 and each of a user's devices(referred interchangeably herein as “endpoint devices” or “digitalendpoint devices”). This connectivity may be provided by implementationof one or more USB ports (interfaces) 13, a wired Local Area Networkconnection such as provided by an Ethernet local area network (LAN)interface 16, or, a wireless network interface via a WiFi LAN accesspoint 62 provided, for example, in accordance with the I.E.E.E. 802.11b/g/n wireless or wireless network communications standard. Thesephysical interfaces provide the required network interconnectivity forthe endpoint devices to connect to the multiple application services.Although not shown in FIG. 4 , this connectivity between digitalendpoint devices and the gateway device may be accomplished by othermeans, including, by way of example, through of a virtual private areanetwork connection accessed through a WAN interface.

That is, the gateway device 10 interfaces with digital endpoint devicesincluding, but not limited to: a home automation networking device 20(e.g. X10, Z-Wave or ZigBee) for wired or wireless home networkautomation and control of networked home devices such as a switchcontroller 22, sensor devices 23, automatically controlled window blinds24, a controlled lighting or lamp unit 25 etc, individual or wired orwireless network of personal computing (PC) and laptop/mobile devices 30a, . . . , 30 c that serve as file sources, control points and hosts forvarious other client endpoints, one or more television display devices32 including associated set top boxes (STB) 35 a or digital mediaadapters (DMA) 35 b, one or more VoIP phone devices (e.g. SIP phones)40, or other devices (not shown) that convert IP interfaces to PSTN FXOand FXS interfaces.

As noted earlier, the gateway device 10 may provide an interface 35 b tothe Digital Media Adapter (DMA) for television (TV) 32, which enablesbidirectional wireline or wireless communication. This interfacesupports several functions for multiple services including, but notlimited to: media (e.g., video and music) by enabling the transfer ofmedia (e.g., video and music) to the TV; voice services, by providingfor Called Line ID and for voice mail control; and provide HomeAutomation Services including status and control of networked homeautomation devices. The DMA element 35 b converts audio and video(optionally) to a format suitable for a TV. In addition, the DigitalMedia Adapter 35 b may be capable of receiving context-sensitivecommands from a remote control device (not shown) and forwarding thosecommands to the gateway device 10. This enables the use of menus on theTV 32 for controlling application services and various featuresfunctions thereof, as offered by the gateway device 10. For example, theMedia Adapter/TV combination is able to provide the following featuresincluding, but not limited to: display of media; media controlfunctions, when enabled (FF, REW, STOP, PAUSE, etc); display of CallingLine Identification (CLID); control of voicemail; picture viewing;control of home automation; and user functions for the gateway device10.

A Set Top Box 35 a as shown in FIG. 4 also may handle media formatconversion (for example NTSC to ATSC television RF signals), digitaldecryption and other DRM (digital rights management) functions, andVideo On Demand Purchases, etc. The Set Top Box/TV combination may thusenable, by way of example: Media format conversion (for example NTSC toATSC); decryption; other DRM functions (such as expiry of leases),prohibition of copying to digital outputs, function restriction, etc.;Video On Demand Purchases; and media control functions (e.g., FF, REW,STOP, PAUSE, etc.).

Whether provided by the DMA interface 35 b and the TV 32 or by theset-top-box 35 a and the TV 32, the communications to and from the TVprovide a user interface for interaction with the gateway device 10. Theprogramming of the gateway device supports, among other things, agraphical user interface (GUI) via the TV, sometimes referred to as the“ten-foot” interface.

With respect to PCs interfacing with the gateway device 10, PCs mayserve as, among other things, file sources, control points and hosts forvarious software clients. Thus, the PC programming may work inconjunction with the ASL and ASE programming of the gateway device.Together, the PC programming and the ASL and ASE programming provide amore comprehensive and robust user experience. The gateway device 10 mayfurther provide a bidirectional wireline or wireless interface 35 c to aPC device 306 for supporting the transfer of media (e.g., video andmusic) to the computer for storage and viewing; for supporting voiceservices, e.g., by providing for calls from SIP soft clients; for filesharing, file back-up and home storage and home automation controlfunctions. The access point 62 offers wireless data communications witha PC 30 c. The gateway device interface through any PC may provide forthe bidirectional moving of files, and status and control for theendpoint devices, including for example, status and control of networkedhome automation devices. In addition, using the PC interface, users may,for example, share files on the gateway devices, back-up or transferfiles to the gateway devices or other storage; access personal page fornotifications, RSS, shared photos, voicemail, etc. In addition to the IMand SIP capabilities of the gateway device, as described more below, PCsmay also serve as a host for IM and SIP soft phone clients and otherclient devices. The client-server interaction of the PC with theapplication service logic of the gateway device 10 offers an alternativeGUI for at least some of the services. The PC based GUI is sometimesreferred to as the “two-foot” interface.

Although not shown in FIG. 4 , other digital endpoint devices for whichconnectivity may be established with the gateway device 10 include, butare not limited to: personal music or media players, hi-fi audioequipment with media streaming capability, game stations, Internet radiodevices, WiFi phones, WiFi or other wirelessly enabled digital cameras,facsimile machines, electronic picture frames, health monitors (sensorand monitoring devices), etc.

As described in greater detail herein, the gateway device 10 includesboth a hardware and software infrastructure that enables a bridging ofthe WAN and LAN networks, e.g. a proxy function, such that control ofany digital endpoint device at the premises from the same or remotelocation is possible via the gateway device 10 using, optionally, asecure peer and presence type messaging infrastructure or othercommunications protocols, e.g. HTTPS. For example, via any IM— capabledevice or client 80 a, 80 b respectively connected with an InstantMessaging (IM) or XMPP (Extensible Messaging and Presence Protocol)network messaging infrastructure, e.g. IM networks 99 a, 99 b such asprovided by Yahoo, Microsoft (MSN), Skype, America Online, ICQ, and thelike, shown for purposes of illustration in FIG. 4 , a user may accessany type of functionality at a subordinate digital endpoint device atthe premises via the gateway device 10 and service management center 50by simple use of peer and presence messaging protocols. In one exemplaryembodiment, a peer and presence communications protocol may be used suchas Jabber and/or XMPP. Particularly, Jabber is a set of streaming XMLprotocols and technologies that enable any two entities on the Internetto exchange messages, presence, and other structured information inclose to real time. The Internet Engineering Task Force (IETF) hasformalized the core XML streaming protocols as an approved instantmessaging and presence technology under the name of XMPP (ExtensibleMessaging and Presence Protocol), the XMPP specifications of which areincorporated by reference herein as IETF RFC 3920 and RFC 3921. Thus,the gateway device is provided with functionality for enabling a user toremotely tap into and initiate functionality of a digital endpointdevice or application at the premises via the IM-based messagingframework. In addition, the gateway device 10 and network connectivityto the novel service management center 50, provides, in a preferredembodiment, a secure peer and presence messaging framework, enablingreal-time communications among peers via other gateway devices 10 ₁ . .. 10 _(n). For instance, the device 10 provides the ability to constructcommunication paths between peers with formal communications exchangesavailable between, for example, one gateway device 10 ₁ at a firstpremises and a second gateway device 10, located at the remote premises.Thus, such an infrastructure provides for content addressing, enablingpeers through remote gateway devices 10 ₁ . . . 10 _(n). to supply andrequest content such as files, media content or other resources ofinterest to a community of interest.

As noted above, the novel system architecture allocates the logicalfunctionality of the ASD Platform (FIG. 1 ) between the gateway device10 and the service management center 50 within an environment thatenables communication and feedback at the AS Layer (FIG. 1 ) between thegateway device 10 and service management center 50. Thus, the gatewaydevice 10, when operable with the service management center 50, makespossible the management of services for the digital home and facilitatesthe easy addition of new services or modification of existing services.Such services may include, for example, facility management (homeautomation), media content downloading and Digital Rights Management(DRM), device updates, data backups, file sharing, media downloading andtransmission, etc., without the intermediary of a plurality of externalservice providers who may typically provide these individual servicesfor every digital endpoint device in the home or premises. Theprogramming for these services resides in the Application ServiceProvider Managed Applications and Platform of the UNA-DA (FIG. 3 ). Thatis, as earlier shown, the gateway device 10 is integrated with hardwareand software modules and respective interfaces that handle all aspectsof home automation and digital endpoint service and management for thehome in a manner without having to rely on external service providersand, in a manner that is essentially seamless to the user. This,advantageously is provided by the service management center 50 which isable to access regions of the gateway device 10 that are not accessibleto the user, e.g. for controlling the transport and storing of digitalcontent and downloading and enabling service applications and upgradesand providing largely invisible support for many tasks performed byusers.

For example, with the robust capabilities of the Application ServiceProvider Managed Applications and Platform (FIG. 3 ), the gateway device10 is capable of handling all aspects of the digital homecommunications, e.g. IP, voice, VoIP, phone connectivity. In thisexample, the service logic located and stored at the gateway device 10may provide soft-switch functionality for implementing call-processingfeatures at the premises (rather than the network) for voicecommunications, and enabling management of other service features to bedescribed. With the provision of central office type call services andother service features provided at the gateway devices 10 ₁ . . . 10_(n), a distributed soft-switch architecture is built. The ASM logicalfunctionality of the service management center 50, in cooperation withthe ASE logical functionality of the gateway device, may, among otherthings, provide, manage and regulate, for example, servicesubscription/registration, authentication/verification, key management,and billing aspects of service provision, etc. With all of the servicelogic and intelligence residing at the gateway device, a serviceprovider can offer customers a broad spectrum of services including, butnot limited to: media services, voice services, e.g. VoIP, automatedfile backup services, file sharing, digital photo management andsharing, gaming, parental controls, home networking, and other featuresand functions within the home or premises (e.g. home monitoring andcontrol). Users can access their content and many of the solution'sfeatures remotely. Moreover, software updates for the in-home devicesthat require updating are handled in an automated fashion by the systeminfrastructure. The service management center infrastructureadditionally provides a web interface for third-party service providersto round out the service solutions provided at the gateway device forthe premises. For example, a third-party service provider other than themanaged service provider associated with the service management centermay be allowed access through the infrastructure to particular endpointdevices to provide additional services such trouble shooting, repair andupdate services.

Gateway Device Software and Hardware Architecture

The composition of the premises gateway device 10, earlier describedwith reference to FIG. 3 , is now described in greater detail withreference to FIGS. 5A-5D. As shown in FIG. 5A, the gateway device 10utilizes a layered architecture 100, which enables the encapsulation ofsimilar functionality and the minimization of dependencies betweenfunctions in different layers. FIGS. 5B and 5C depict exemplaryfunctionality (hardware and logical) resident in, or corresponding to,each of the layers shown in FIG. 5A. The layers include a hardware layer102, and device driver software 104 for allowing the processor tooperate other hardware elements of the gateway device 10. FIG. 5D is afunctional block diagram illustrating interconnection of exemplaryelements of the hardware layer 102. The logical elements of the NI Layerresiding on the gateway device 10 (FIG. 4 ) are found in the HardwareDrivers 104 which govern the operation of the Hardware Components 102.The processor runs an operating system shown at layer 106, which plays arole in each of the NI, NF, AS and Platform Management Layers (FIG. 1 ).The layered architecture 100 also includes software for systems services108 and for the platform management layer shown at 110 in this drawing.Logical elements represented by the NF Layer depicted in FIG. 1 arecomprised of elements from the system services 108 of FIG. 4 . In asimilar fashion, the Platform Management Layer depicted in FIG. 1 isimplemented in the exemplary architecture of FIGS. 5A-5D by the platformmodules 109 and the platform management layer 110.

Particular logical elements comprising the ASL and ASE functionalitiesof the AS Layer represented in FIG. 1 , and that reside on the gatewaydevice 10 (predominately in the Application Service Provider ManagedApplications and Platform of the UNA-DA shown in FIG. 3 ) are depictedin FIG. 5C, and comprise logical elements from each of servicesframework 120 and application services 130. The layered architecture inFIG. 5C facilitates reuse or sharing of logic across the layers toprovide a managed service framework 120. The service managementfunctionality provided by the framework 120 enables deployment of newservices as pluggable modules comprising computer readable instructions,data structures, program modules, objects, and other configuration data,in a plug and play fashion. The layered service architecture 100additionally provides the gateway device 10 with intra-processcommunication and inter-process communication amongst the many servicesand modules in the service framework layer 120 that enables theprovisioning, management and execution of many applications and services130, depicted e.g. services A, B . . . N at the gateway device 10.Additionally provided are the application service interfaces 140 thatenable communications from user endpoint devices with serviceenvironments. In that regard, the interfaces 140 enable the applicationservice logic 130 to act as an appropriate server with respect to clientdevice application or service functionality of the endpoint devices. Theapplication service interfaces 140 also enable corresponding interfacesfor the application services with aspects of service environmentsimplemented outside the user premises. In that regard, the interfaces140 enable the application service logic 130 to act as an appropriateclient, for extending the application or service related communicationsto a server accessed via the wide area network 99, such as a server ofthe service management center 50. For example, the gateway device mayappear as a SIP server to a SIP client in an end point device, e.g. fora VoIP telephone service; but the gateway device will appear as a SIPclient with respect to some related functions provided by a server (suchas a SIP directory server) provided by the service management center 50.

FIG. 5A thus depicts a high level service framework upon which are builtservices, e.g. downloaded via the service management center network 50and wide area network 99 as packages that are developed and offered by aservice entity for customers. These services may be offered as a part ofa default service package provisioned and configured at the gatewaydevice 10, or provisioned and configured subject to user subscriptionand may be added at any time as plug-in service modules in cooperationwith the service management center 50. It is understood however, thatwhile the gateway device 10 includes much of the intelligence or servicelogic for providing various services, it is also possible that for someservices, some or all of service logic may reside in the servicemanagement center network and/or with a third party provider.

As shown in more detail in FIGS. 5B and 5D, the base support layer 102comprises hardware components including a processor device 152, e.g. asystem on chip central processing unit (“CPU”) that includes processingelements, digital signal processor resources and memory. The CPU 152 isalso coupled to a random access memory (“RAM”) and additionally,non-volatile hard drive/disk magnetic and/or optical disk memory storage154. Generally, the above-identified computer readable media providenon-volatile storage of computer readable instructions, data structures,program modules, objects, service configuration data and other data foruse by the gateway device. The non-volatile hard drive/disk magneticand/or optical disk memory storage 154 may be partitioned into a networkside which is the repository for storing all of the service logic anddata associated with executing services subscribed to by the user, and,is invisible to the user, and, a user side for storing user generatedcontent and applications in which the user has visibility. Although notshown, the CPU 152 may be coupled to a microcontroller for controlling adisplay device.

Additional hardware components include one or more Ethernet LAN and WANinterface cards 155, 156 (e.g. 802.11, T1, T3, 56 kb, X.25, DSL or xDSL)which may include broadband connections (e.g. ISDN, Frame Relay, ATM,Gigabit Ethernet, Ethernet over SONET, etc.), wireless connections, orsome combination of any or all of the above. The card 155 referred to asthe LAN interface card provides data communication connectivity withinthe user premises, essentially, for communication via a user premisesnetwork 60 with any endpoint devices operating within the premises. Thecard 156 referred to as the WAN interface card provides datacommunication connectivity for the gateway device 10 and endpointdevices communicating through the device 10, with the wide area IPnetwork 99. For additional or alternative customer premisescommunications, the hardware components 102 may also include one or moreUSB interfaces 158; and for additional or alternative communicationswith the wide area network, the hardware components may also include thePCMCIA EvDO interface card 160.

A data encryption/decryption unit 162 is additionally provided as partof the architecture for providing data security features. A watchdogtimer element or like timer reset element 164 is provided as is one ormore LED devices 166 for indicating status and other usable informationto users of the gateway device 10.

As mentioned above, the gateway device provides an in-premises footprintenabling the service connectivity and local management to client(s). Theimplementation of functions and the related control such as a router(with quality of service (QoS)), firewall, VoIP gateway, voice servicesand voice mail may be embodied and performed within the CPU 152.

The discussion of the gateway hardware layer above and the illustrationthereof in the drawings provides a high-level functional disclosure ofan example of the hardware that may be used in the gateway device. Thoseskilled in the art will recognize that the gateway device may utilizeother hardware platforms or configurations.

Continuing, as shown in FIG. 5B, the device driver layer 104 comprises amultitude of driver interfaces including but not limited to: a PCMCIAdriver 104 a, for enabling low level communication between the gatewayCPU 152 and the PCMCIA network interface card wireless interface, an IDEdriver 104 b for enabling low level communication between the gatewayCPU 152 and the local mass memory storage element, and LAN/WAN drivers104 c for enabling low level communication between the gateway CPU 152and the respective network interface cards 155 and 156. The exemplarydriver layer also includes an LED driver/controller 104 d for drivingLED(s) 166, a USB driver 104 e allowing CPU 152 to communicate via USBinterface 158, and an 802.11 b/g (or n) wireless network driver 104 ffor allowing the CPU 152 to communicate via the access point 62. Thedrivers provide the logical connectivity between the low level hardwaredevices 102 and the operating system 106 which controls the execution ofcomputer programs and provides scheduling, input-output control, fileand data management, memory management, and communication control andrelated services for the gateway device. With respect to the operatingsystem 106, the gateway computing may support any embedded operatingsystem, any real-time operating system, any open source operatingsystem, any proprietary operating system, or even any operating systemsfor mobile computing devices as long as the operational needs of theclient discussed herein below can be met. Exemplary operating systemsthat may be employed include Windows®, Macintosh®, Linux or UNIX or evenan embedded Linux operating system. For instance, the gateway device 10may be advantageously provided with an embedded operating system 106that provides operating system functions such as multiple threads,first-in first-out or round robin scheduling, semaphores, mutexes,condition variables, message queues, etc.

Built upon the system operating system 106 is a system services supportlayer 108 providing both client-like and server-like functions thatenable a wide range of functionality for the types of services capableof being managed by the gateway device 10. For instance, there isprovided a Dynamic Host Configuration Protocol (DHCP) client and serversoftware modules. The DHCP client particularly requests via a UDP/IP(User Datagram Protocol/Internet Protocol (e.g. Ipv4, Ipv6, etc.)configured connection information such as the IP address that thegateway device 10 has been dynamically assigned by a DHCP service (notshown), and/or any the subnet mask information, the gateway deviceshould be using. The DHCP server dynamically assigns or allocatesnetwork IP addresses to subordinate client endpoints on a leased, e.g.timed basis. A Virtual Private Network (VPN) client may communicate viaa proxy server in the service control network 50, according to a VPNprotocol or some other tunneling or encapsulation protocol. An SMPTclient handles incoming/outgoing email over TCP, in accordance with theSimple Mail Transfer protocol. A Network Time Protocol (NTP) (RFC 1305)generates and correlates timestamps for network events and generallyprovides time synchronization and distribution for the Internet. ADomain Name Server (DNS) client and server combination are used by theIP stack to resolve fully-qualified host or symbolic names, i.e. mappinghost names to IP addresses.

An HTTP(S) server handles secure Hypertext Transfer Protocol (HTTP)(Secure Sockets Layer) communications and provides a set of rules forexchanges between a browser client and a server over TCP. It providesfor the transfer of information such as hypertext and hypermedia, andfor the recognition of file types. HTTP provides stateless transactionsbetween the client and server.

A Secure File Transfer Protocol (SFTP) client and server combinationgovern the ability for file transfer over TCP. A SAMBA server is an opensource program providing Common Internet Files Services (CIFS)including, but not limited to file and print services, authenticationand authorization, name resolution, and service announcement (browsing).An EvDO/PPP driver includes a Point-to-Point Protocol (PPP) daemonconfiguration for wireless broadband services. A PPPoE (Point-to-PointProtocol over Ethernet) client combines the Point-to-Point Protocol(PPP), commonly used in dialup connections, with the Ethernet protocol;and it supports and provides authentication and management of multiplebroadband subscribers in a local area network without any specialsupport required from either the telephone company or an Internetservice provider (ISP). The gateway device 10 is thus adapted forconnecting multiple computer users on an Ethernet local area network toa remote site through the gateway and can be used to enable all users ofan office or home to share a common Digital Subscriber Line (DSL), cablemodem, or wireless connection to the Internet. A Secure Shell or SSHserver implemented with HTTP protocol provides network protocolfunctionality adapted for establishing a secure channel between a localand a remote computer and encrypts traffic between secure devices byusing public-key cryptography to authenticate the remote computer and(optionally) to allow the remote computer to authenticate the user.

Additionally provided as part of the system services layer 108 isintelligent routing capability provided by an intelligent router device185 that provides Quality of Service (QoS, guaranteed bandwidth)intelligent routing services, for example, by enforcing routing protocolrules and supporting unlimited multiple input sources and unlimitedmultiple destinations and, particularly, for routing communications tonetworked digital endpoint devices subordinate to the gateway. A centraldatabase server 183 handles all of the database aspects of the system.For example, the database server 183 maintains and updates registriesand status of connected digital endpoint devices, maintains and updatesservice configuration data, services specific data (e.g. indexes ofbacked-up files, other service specific indexes, metadata related tomedia services, etc.) and firmware configurations for the devices. Thedatabase server 183 may also store billing and transaction detailrecords and performance diagnostics. The database server logic 183 alsosatisfies all other database storage needs as will be described ingreater detail herein.

Referring back to FIGS. 5A and 5B, built on top of the system serviceslayer 108 is the platform module layer 109. The platform module layer109 provides a software framework for operating system andcommunications level platform functionality such as CPU management;Timer management; memory management functions; a firewall; a web wallfor providing seamless WWW access over visual displays via accesstechnologies enumerated herein, e.g. HTTP, SMS (Short Messaging Service)and WAP (Wireless Access Protocol); QoS management features, bandwidthmanagement features, and, hard disk drive management features. Thelayered architecture 100 further provides a platform management layer110 as shown in FIG. 5C, which together with the platform modules 109implement the platform management layer/logic discussed earlier (withregard to FIG. 1 ).

The features/functions in the layer 110 include a platform managermodule which will implement unique rules based notification services. Onoperational failure, for example, when one of the components or servicesfails, the platform manager would detect this failure and takeappropriate action such as implement a sequence of rules to providenotification to a user. A scheduler module manages scheduled devicemaintenance, managing scheduled services, e.g. back-up services, etc.The layer 110 also includes a diagnostics module and a firmware upgradesmanagement module for managing firmware upgrades. A resource managementmodule manages system resources and digital contention amongst thevarious resources, e.g. CPU/Bandwidth utilization, etc. A displaymanagement module and a logger management module store and track gatewaylog-in activity of users and applications, e.g. voice call logs, at theuser premises. The platform management layer 110 in concert withresource and service management components enforces the separation ofnetwork side managed service control and user side delegations dependingupon service subscriptions and configurations. For example, the platformand resource management encompass rules and guidelines providedaccording to subscribed services that act to enforce, manage and controlinput/output operations, and use of hard drives space etc. A demarcationpoint, logically depicted as the Application Service ProviderDemarcation in FIG. 3 , is thus defined that provides a hard linebetween what is owned by the customer and what is owned by the serviceprovider.

The logical platform management layer 110 allows for inter-layerallocation of local resources. This function guarantees access betweenthe application service/management logic implemented at the higherlayers in the gateway device 10 and the applications service managementfunction in the service management center 50, by assuring that the localuser premises hardware and software modules are functioning at arequired state (CPU and memory usage, bandwidth usage, QoS settings,etc.). The platform manager is also responsible for implementing thatpart of the managed application services to be performed by the gatewaydevice. In that regard, the platform manager secures and manages theoverall hardware platform, given that in this scenario, the networkfunction layer and the application service layer reside on one hardwareplatform. This secure hardware platform provides a robust and secureoperating environment for the application services layer. So, toestablish a secure and robust hardware operating environment, theplatform management layer must interface with all the layers above itand allow for bi-directional management information flow among all ofthe functions.

Referring back to FIGS. 5A and 5C, built on top of the platformmanagement layer 110 is the Services Framework 120, which provides alibrary of application support service processes that facilitate datacollection and data distribution to and from the multimedia endpointdevices. The application support service processes include, but are notlimited to: an authentication manager for use in authenticating devicesconnected to the gateway device; a billing manager for collecting andformatting service records and service usage by endpoint devices, e.g.calls, back-up services etc.; a fault manager for detecting and managingdetermined system and/or service faults that are monitored and used forperformance monitoring and diagnostics; a database manager; a controlchannel interface via which the gateway initiates secure communicationswith the operations support infrastructure; a configuration manager fortracking and maintaining device configuration; a user manager; a servicemanager for managing service configuration and firmware versions forsubscribed services provided at the gateway device; and a statisticsmanager for collecting and formatting features associated with thegateway device. Statistics may relate to use of one or more services andassociated time-stamped events that are tracked.

Built on top of the Services Framework layer 120 is the ApplicationServices layer 130 providing library of user application services andapplication support threads including, but not limited to: file sharingfunctionality; backup services functionality; home storagefunctionality; network device management functionality; photo editingfunctionality; home automation functionality; media servicesfunctionality; call processing functionality; voice mail and interactivevoice response functionality; presence and networking functionality;parental control functionality; and intelligent ads managementfunctionality. The multi-services applications gateway 10 furtherprovides application service interfaces 140 that are used to enable avariety of user applications and communications modalities.

For instance, the SIP Interface 141 is an interface to the generictransactional model defined by the Session Initiation Protocol (SIP)that provides a standard for initiating, modifying or terminatinginteractive user sessions that involve one or more multimedia elementsthat can include voice, video, instant messaging, online games, etc., byproviding access to dialog functionality from the transaction interface.For instance a SIP signaling interface enables connection to a SIPnetwork that is served by a SIP directory server via a Session BorderController element in the service management center 50 (FIG. 4 ).

The Web Interface 142 enables HTTP interactions (requests and responses)between two applications. The Web services interface 149 provides theaccess interface and manages authentication as multi-services gatewaydevices access the service management center 50 (FIG. 4 ) via webservices. The IM Interface 144 is a client that enables themulti-services gateway device 10 to connect to one or more specific IMnetwork(s). As further shown in FIG. 5C, the UpNp (Universal Plug andPlay) interface enables connectivity to other stand-alone devices andPCs from many different vendors.

The XMPP interface 145 is provided to implement the protocol forstreaming (XML) elements via the gateway device 10, in order to exchangemessages and presence information in close to real time, e.g. betweentwo gateway devices. The core features of XMPP provide the buildingblocks for many types of near-real-time applications, which may belayered as application services on top of the base TCP/IP transportprotocol layers by sending application-specific data qualified byparticular XML namespaces. In the example, the XMPP interface 145provides the basic functionality expected of an instant messaging (IM)and presence application that enable users to perform the followingfunctions including, but not limited to: 1) Exchange messages with otherusers; 2) Exchange presence information with other devices; 3) Managesubscriptions to and from other users; 4) Manage items in a contact list(in XMPP this is called a “roster”); and 5) Block communications to orfrom specific other users by assigning and enforcing privileges tocommunicate and send or share content amongst users (buddies) and otherdevices.

As noted, FIG. 5D provides a functional block diagram of exemplaryelements of the hardware layer 102. For example, a system on a chipprovides the CPU 152 and associated system components. The CPU 152 isalso coupled to a random access memory (“RAM”) and flash memory. Thesystem on a chip also includes a hard drive controller for controlling ahard disk drive, and together the controller and drive form the harddisk example of the storage 154. An Ethernet switch and associated LANport(s) provide the Ethernet LAN interface 155; and the Ethernet switchand associated WAN port provide a landline implementation of the WANinterface 156L, for connection to a broadband modem or the likeimplementing the NSP-TA. The WAN interface may also be wireless, asimplemented at 156 w for example by a wireless WAN module and associatedantenna. An example of such an interface would be the EvDO interfacediscussed earlier. If the gateway device uses the wireless WAN interface156 w, there would be no separate NSP-TA.

In the example of FIG. 5D, a USB controller in the system on a chip andone or more associated USB ports provide the USB interface 158. The USBinterface 158 may provide an alternate in-premises data communicationlink instead of or in addition to the wired or wireless Ethernet LANcommunications. The system on a chip includes a security engine, whichperforms the functions of the data encryption/decryption unit 162.

The hardware layer 102 may also include an option module. The UNA-DAhardware components at layer 102 have multiple interfaces for connectionto such an option module. These interfaces, by way of example, could bea data bus (e.g. PCI, etc), network interface (e.g. Ethernet (RJ45),MoCA/HPNA (Coax)) and Power feeds. The option module allows additionalfunctionality to be added to the base UNA-DA functionality of thegateway device. For example, this additional functionality could beeverything from support for a variety of extra Wide Area NetworkInterfaces (e.g. xDSL, DOCSIS, Fiber (PON), Cellular Packet, WIMAX,etc.), Media Processing (e.g. Cable TV termination, Digital VideoRecording, Satellite TV Termination, etc), to Voice Processing (FXS,FXO, Speech Detection, Voice to Text, etc). The option module may haveits own standalone CPU, Memory, I/O, Storage, or provide additionalfunctionality by its use of the CPU, Memory, I/O, and storage facilitiesoff of the main hardware board. The option module may or may not bemanaged directly by the Platform Management of the UNA-DA.

Gateway Processing

For the in-home services, the multi-services gateway device 10 connectsthe various service delivery elements together for enabling the user toexperience a connected digital home, where information from one source(for example, voicemail) can be viewed and acted on at another endpoint(for example, the TV 32). The multi-services gateway device 10 thushosts the various in-home device interfaces, and facilitates the movingof information from one point to another. Some of the in-home endpointdevice processing duties performed by the gateway device 10 include, butare not limited to: 1) detecting new devices and provide IP addressesdynamically or statically; 2) functioning as a (Network AddressTranslator) NAT, Router and Firewall; 3) providing a centralized diskstorage in the home; 4) obtaining configuration files from the servicemanagement center and configuring all in-home devices; 5) acting as aRegistrar for SIP-based devices; 6) receiving calls from and deliveringcalls to voice devices; providing voicemail services; 7) decrypting andsecurely streaming media having digital rights management (DRM)encoding; 8) distributing media to an appropriate in-home device; 9)compressing and encrypting files for network back-up; 10) backing-upfiles to the network directly from gateway device; 11) handling homeautomation schedules and changes in status; 12) providing in-homepersonal web-based portals for each user; 13) providing Parental ControlServices (e.g. URL filtering, etc.); 14) creating and transmittingbilling records of in-home devices including, recording and uploadingmulti-service billing event records; 15) distributing a PC client to PCsin the home, used in support of the various services such as monitoringevents or diagnostic agents; 16) storing and presenting games that usersand buddies can play; 17) delivering context-sensitive advertising tothe endpoint device; and, 18) delivering notifications to the endpointdevice; and, 19) enabling remote access through the web, IM client, etc.Other duties the gateway device 10 may perform include: servicemaintenance features such as setting and reporting of alarms andstatistics for aggregation; perform accessibility testing; notify aregistration server (and Location server) of the ports it is “listening”on; utilize IM or like peer and presence communications protocolinformation for call processing and file sharing services; receiveprovisioning information via the registration server; utilize a SIPdirectory server to make/receive calls via the SBC network elementto/from the PSTN and other gateway device devices; and download DRM andnon-DRM based content and facilitating the DRM key exchanges with mediaendpoints.

Logical Architecture and Service Management Center Network

While the gateway devices 10 as described above are each equipped withvarious logic and intelligence for service features that enable thegateway devices to provide various integrated digital services to thepremises, as described herein with respect to FIG. 4 , the network-basedelements of the service management center 50 supports and managesmulti-services gateway devices, for instance, so as to control theaccessibility to functionalities and service features provisioned in thegateway devices and the ability to communicate with other gatewaydevices and various digital endpoint devices connected thereto. Theseelements that support and manage the gateway devices 10 comprise the ASMmodule described above with reference to FIG. 1 . These ASM elementsmay, for example, provide the necessary data to the ASE and ASL modulesso that they may carry out their respective functions, oversee theoverall integration and communication among all the modules and theservices that are managed by the ASM, manages the overall security andintegrity of the ASD, and maintains alarm, statistical, subscription andprovisioning data, and data necessary for the integration of servicesfrom third-party service providers, e.g., media content aggregators.

Examples of various ASM functionalities performed at the servicemanagement center 50, from the Service Provider Network regime, includebut are not limited to: service initialization of the gateway devices,providing security for the gateway devices and the network supportinfrastructure, enabling real time secure access and control to and fromthe gateway devices, distributing updates and new service options to thegateway devices, providing service access to and from the gatewaydevices and remote access to the gateway devices, but not limited tosuch. In support of these services, the service management center 50provides the following additional services and features: authentication;multi-service registration; subscription control; service authorization;alarm management; remote diagnostic support; billing collection andmanagement; web services access; remote access to gateway devices (e.g.via SIP or Internet/web based communications); reachability to accesschallenged gateway devices; software updates; service data distribution;location service for all services; SIP VoIP service; media services;backup services; sharing services; provisioning; gateway interfaces toother service providers (Northbound and peering); load balancing;privacy; security; and network protection.

The logical network architecture for the service management centernetwork delivering these capabilities is illustrated in FIG. 6 . Itshould be understood that the functional components described in view ofFIG. 6 may be combined and need not be running on discrete platforms orservers. Rather one server or component may provide all the servicemanagement center functionalities for providing managed network ofgateway devices 10. In addition, any one of the components shown in FIG.6 may perform any one of the functionalities described herein. Thus, thedescription in the present disclosure associating certain functions withcertain components are provided for ease of explanation only; and thedescription is not meant to limit the functionalities as being performedby those components only. Thus, the network elements or components shownin FIG. 6 illustrate logical architecture only, and the presentteachings do not require the specific components shown to performspecific functionalities described. Moreover, the functional componentsmay use distributed processing to achieve a high availability andredundancy capacity.

The one or more network elements of center 50 illustrated in FIG. 6support the gateway devices 10 that are services points of presence inthe user premises such as users' homes, and the various endpoint devicesconnected thereto. Examples of functionalities provided in the servicemanagement center network 50 are discussed below. Upgrades to gatewaydevice firmware and various endpoint devices may be managed in theservice management center network 50, for example, by a firmware updaterserver 51. VOD (video on demand) functionalities, for example, servicedby VOD servers (VODs) 52, ingest wholesale multi-media content andprovide DRM-based premium content to the multi-services gateway deviceand endpoint devices. The service management center network 50 also mayenforce DRM (Digital Rights Management) policies, for example, by aconditional access (CA) server 54, which provides key-based access andinitiating billing processes. The service management center network 50may also provide functionalities such as collecting billing informationand processing billing events, which for instance may be handled bybilling aggregator sub-system 58. The service management center network50, for example, using one or more connection manager servers 60, mayestablish and maintain a signaling control channel with each activemulti-service gateway device 10. For message routing functionality ofthe service management center network 50, for example, one or moremessage router devices 62, may provide intelligent message routingservice for the network 50 and maintain gateway device presence andregistration status in an internal session manager sub-system of theservice management center 50. Publish and subscribe functionality of theservice management center network 50, for example, a Publish/Subscribe(Pub/Sub) server sub-system 65, may provide publish and subscribemessaging services for the multi-services gateway devices 10 and theelements of the service management center network 50.

The service management center network 50 may provide SIP-based directoryservices for voice and other multimedia services, for example, via itsSIP Directory Server 66. In addition, location service functionality,for example, provided by the Location Server 68, may include IP and Portlevel services for all inbound services. As discussed more later, thelocation server 68 maintains information as to accessibility ofauthenticated gateway devices 10, for enabling peer to peercommunications among gateway devices 10 via the wide area IP network 99.DNS services functionality may be provided by a DNS server 69 for allinbound services.

The service management center network 50 may also provide virtualprivate network (VPN) functionalities, for example, handled by its VPNserver/subsystem 70, and provide VPN connection services for certaininbound services on multi-services gateway devices 10. VPN connectionservices may be provided on those multi-services gateway devices thathave accessibility challenges, for example, those that are behindexternal firewalls and NATs. The service management center network 50may also include functionality for determining the nature of theaccessibility configuration for the multi-services gateway devices 10.In one embodiment accessibility service may be performed by anaccessibility test server 72 that functions in cooperation with themulti-services gateway device 10 to determine the nature of theaccessibility. For example, the accessibility test determines whetherthe gateway devices are behind a firewall, whether NATs is required,etc.

The service management center network 50 also functions to provideprovisioning services to all elements of service management centernetwork 50 and to multi-services gateway devices 10. Such functionalityof the network 50, for example, may be implemented by the provisioningserver 74 in one embodiment.

Authentication functionality of the service management center network50, for example, provided by an authentication manager 71, providesauthentication services to all service management center networkelements and to multi-services gateway devices 10. As discussed morelater, upon successful authentication of a gateway device 10, theauthentication manager 71 controls the connection manager 60 toestablish a signaling communication link through the wide area IPnetwork 99 with the authenticated gateway device 10. The authenticationmanager 71 confirms authentication of the respective gateway device 10from time to time, and the authentication manager 71 controls theconnection manager 60 to maintain a session for the signalingcommunication link through the wide area IP network 99 with therespective gateway device 10 as long as the authentication manager 71continues to confirm the authentication of the respective gatewaydevice. The signaling connection may be torn-down, when the device 10 nolonger passes authentication, either because it becomes inaccessible tothe authentication manager 71 or its service status changes.

The gateway devices 10 and service manager center 50 implement severalmethodologies that allow the service provider to manage varioussubscription application services provided for endpoint devicesassociated with the gateway devices 10. In general, one subscriptionmanagement methodology involves sending information indicatingconfiguration data or software currently needed for the one gatewaydevice to implement server functionality for an application service or afeature of an application service, based on a service subscription of acustomer associated with that gateway device. Several different ways ofsending this information are discussed by way of example below. Arequest from a particular gateway device 10 is received in the servicemanagement center 50, indicating that the device 10 needs theconfiguration data or software to implement the application service orfeature thereof. In response, the service management center 50 sends thenecessary configuration data or software through the wide area network99 to the gateway device 10. The gateway device 10 can install theconfiguration data or software, to enable that device 10 to deliver theserver functionality for the application service or the feature to itsassociated one or more endpoint device(s) that implement the clientfunctions regarding the particular application service.

Subscription functionality of the service management center network 50,for example, provided by a subscription manager 73, is one mechanismused to provide management of subscription services to allmulti-services gateway devices 10. The subscription manager 73 managesapplications services and/or features of the server functionality of thegateway device 10, to be enabled on each respective authenticatedgateway device, based on a service subscription associated with therespective device 10.

The service management center network 50 may include functionality forproviding management services for each of the services provided in thegateway device 10. For example, respective service managers 75 store andserve to distribute service specific configuration data to themulti-services gateway devices 10, typically via the signalingcommunication links established through the wide area IP network 10 uponsuccessful device authentication. The configuration data downloads bythe service managers 75 are based on the service subscription of theuser or premises associated with the particular gateway device 10, thatis to say, as indicated by the subscription manager 73.

The service management center network 50 also includes elements toprovide necessary software to the gateway devices 10 through the widearea network, as needed to implement customers' subscription services.In the example, the service management center network 50 includes anupdater 51 for transmitting software to the gateway devices. Thesoftware resident in the gateway device is sometimes referred to asfirmware. Software can be distributed upon request from an individualgateway device 10 or as part of a publication procedure to distributeupgrades to any number of the gateway devices. For this approach, thepublication/subscription (Pub/Sub) server or like functionality 65provides notifications of available software updates. For example, upondetecting an update regarding an application service, gateway devices 10subscribing to an update notification service with regard to therelevant application service are identified. The Pub/Sub server 65 sendsnotification messages through the wide area network 99 to the identifiedgateway devices 10. Assuming that a notified gateway device does not yethave the software update installed as part of its resident firmware, itsends a request indicating that the gateway device needs the availableupdate. In response to the received request, the updater 51 sends theupdate of the software through the wide area network 99 to the onegateway device 10. The update enables the gateway device 10 to deliverthe subscription application service or feature thereof, based on theupdated software, to one or more endpoint devices implementing clientfunctions related to the subscription application service.

Service access test functionality of the service management centernetwork 50 performs tests to multi-services gateway devices to verifythe accessibility for each subscribed service. Such functionality may beprovided by service access test managers 77. The service managementcenter network 50, for example, in an alarm aggregator subsystem 82 mayaggregate alarms received from the multi-services gateway devices. Theservice management center network 50 also may include functionalities tosupport, for instance, by alarms, diagnostics and network management(NWM) server 85, network management and network management services. Theservice management center network 50 enables web interface communicationmechanism, for example, via a web services interface server 90, to forexample provide access interface and manage authentication asmulti-services gateway devices access the service management center forvarious services, including access to configuration data in the servicemanagers 75.

Additional service management center network functionalities shown inFIG. 6 may include providing HTTP redirection services for public webaccess to the multi-services gateway devices, which function, forexample, may be provided via a public web redirect server 91. Public SIPRedirect/Proxy functionality provides, for instance, via a Public SIPRedirect/Proxy server 92, SIP redirection and proxy services to publicremote SIP phones and devices. The service management center network 50also may include functionalities to provide a SIP-based network borderinterface and billing services for off-net voice calls. Suchfunctionality in one embodiment may be provided in a Session BorderController device 93 a. Another functionality of the service managementcenter network 50 may be providing Session Border Control services toSIP roaming SIP callers in certain situations, which functionality forexample may be provided by a Roaming Session Border Controller device 93b. The service management center network 50 also functions to providedynamic NAT services during certain SIP roaming scenarios. Suchfunctionality may be implemented in the Roamer Dynamic NAT Server 94.

The service management center network 50 further may provide off-sitebackup services for the service management center network to a WholesaleBack-up Provider 96. The service management center network 50 furtherinteroperates with Wholesale VoIP Provider 97, which may provide VoIPcall origination/termination services for off-net voice calls. Forinstance, the service management center network 50 may provide VoIP/PSTNgateway that enables a translation between protocols inherent to theInternet (e.g. voice over Internet protocol) and protocols inherent tothe PSTN. Other entities that may be partnered with the servicemanagement center network 50 as shown in FIG. 6 include the contentproviders 98 that provide media-based content (including, but notlimited to music, video, and gaming) to the service management centernetwork 50, gateway interfaces 101 for billing, alarms/diagnosticnetwork management (NWM), and provisioning interfaces for partneredwholesale providers (e.g. peering interfaces) and service providercustomers (e.g. North bound interfaces).

In the illustrated example, a server or servers of the servicemanagement center network 50 are intended to represent a general classof data processing device commonly used to run “server” programming.Such a device typically utilizes general purpose computer hardware toperform its respective server processing functions and to control theattendant communications via the network(s). Each such server, forexample, includes a data communication interface for packet datacommunication. The server hardware also includes a central processingunit (CPU), in the form of one or more processors, for executing programinstructions. The server platform typically includes program storage anddata storage for various data files to be processed and/or communicatedby the server, although the server often receives programming and datavia network communications. The hardware elements, operating systems andprogramming languages of such servers are conventional in nature, and itis presumed that those skilled in the art are adequately familiartherewith.

In one embodiment, the connection manager 60 may aggregate a pluralityof connection channels 150 and multiplex these signaling channels to themessage router device 62. The connection manager 60 works with themessage router 62 and the authentication manager 71 to authenticate themulti-services gateway device 10 and allow its access to the network 50by enabling the establishment of a control channel 150 providing an“always on” control channel between the multi-services gateway deviceand the services service management center 50 once the gateway device isauthenticated. The connection managers 60 also provide network securityand protection services, e.g. for preventing flooding, denial of service(DOS) attacks, etc. In one embodiment, there may be interfaces such asAPIs for interfacing the connection managers 60 or the like to themessage routers 62 and the multi-services gateway devices 10. As thenetwork of multi-services gateway devices grow, the number of connectionmanagers 60 may grow to meet the demand for concurrent signaling controlchannel connections.

In one embodiment, a message router device(s) 62 provides control signalmessage routing services and session management services to themulti-services gateway device 10 and the other network elements of theservice management center 50. In one embodiment, the message routerdevice 62 has control channel signaling access, via the control channelto the firmware upgrade manager server or gateway firmware updater 51,VOD server(s) 52, a billing system 58, content managers 98, pub/subs 65,service accessibility test manager 77, authentication manager 71,service manager 75, subscription manager 73, alarms aggregator 82,network management (NWM) server 85 and public web proxy redirect 91, andthe multi-services gateway devices 10. The message router 62 may alsoinclude a session manager subsystem that maintains control channel stateinformation about every multi-services gateway device client in thegateway-service center network. The message router 62, and sessionmanager enable sessions to be established to each multi-services gatewaydevice 10 and each element of the service management center 50 andprovide robust routing services between all the components. The messagerouters 62 may additionally connect to other message routers forgeographic based scaling, creating a single domain-based control channelrouting infrastructure. The message routers 62 may additionally connectto IM gateways and other message routers that provide user based IMservices, which may enable users to interact directly with theirmulti-services gateway device via IM user clients. Thus, besidesproviding routing and session management for all the multi-servicesgateway devices and the network elements, the message router element 62enables control signaling between all the network elements and themulti-services gateway devices and, connects to IM gateways to provideconnectivity to other IM federations.

Web Services Interface

In an example, the service management center network 50 may also provideweb services interface functionality (for example, shown at 90 in FIG. 6) that forms an application programming interface (API) between thegateway devices 10 and the service management center network 50 as amechanism to communicate between the gateway devices and the servicemanagement center network. That is, in addition to the establishedsignaling control channel, the gateway devices 10 and the servicemanagement center network 50 may utilize web services interface 90 tocommunicate. For instance, the gateway devices 10 and the servicemanagement center network 50 may exchange information via secure HTTP orHTTPS using SOAP, XML, WSDL, etc. or the like.

In one example, an authentication key is used or embedded in the messagein order to validate the communication between one or more gatewaydevices 10 and the web services interface functionality 90 in theservice management center network 50. In one embodiment, the gatewaydevice 10 may request from the service management center network 50, forinstance, from its authentication manager functionality 71, a temporarykey, which is to be used when the gateway device 10 requests servicesvia the web services interface 90. Preferably, this key is not a servicespecific key, but rather identifies a particular gateway device 10 toenter the service management center 50 through the web servicesinterface 90. Every time the gateway device 10 requests a key, theauthentication manager 71 functionality may store the key and the expirytime of the key. A response message provided from the authenticationmanager 71 has the key and expiry time. In one example, gateway devices10 are responsible to determine a status of the key compared to theexpiry and to request a new key before the expiry time. In anotherembodiment, the web services interface authentication key may beassigned during initial registration and may be renewable as describedabove with reference to dynamic renewable authentication and servicekeys.

The web services interface 90 subsequently directs message requests tothe appropriate functionality in the service management center network50. The incoming requests may be load balanced in one embodiment by theDNS server 69, and loading and performance information may be fed backto the DNS in support of this function. The web services interface 90may have interfaces (e.g. APIs) to the gateway device 10, theauthentication manager functionality 71 of the service management centernetwork 50, DNS 69, the service managers 75 of the service managementcenter network 50, etc.

In an exemplary embodiment, a gateway device 10 may utilize the webservices interface to pull data, software or information from theservice management center network 50, while the service managementcenter network may utilize the signaling control channel to push datasuch as various notification data to the gateway devices. In an examplediscussed more below, the subscription manager 73 notifies the gatewaydevice 10 of configuration data applicable to a service subscribed to bythe customer associated with the particular gateway device. If thegateway device 10 determines that it needs the configuration data (notyet resident or not up-to-date), then the gateway device 10 sends arequest to the web services interface 90, which is forwarded to theappropriate service manager 75. The service manager 75 in turn sends theconfiguration data to the gateway device 10 for loading and future use.A similar procedure can be used to download software, e.g. from agateway updater or other firmware server based on a descriptor from thesubscription manager or a published notification from a Pub/Sub server.

Automatic Discovery and Configuration of Endpoint Devices

In one embodiment, a customer or user self-provisions endpoint deviceson a particular multi-services gateway device 10. The provisioningsystem or like functionality 74 may provision how many endpoints and thetypes of devices that can be self-provisioned by the user. In oneembodiment, the gateway devices are capable of automatically discoveringand configuring the gateway device compatible devices belonging toenabled services in the premises such as the home or business, forinstance, with minimal human intervention (e.g. for security purposessome devices may need administrator level prompting to proceed withconfiguration actions). For instance, the gateway device compatibleendpoint devices are devices that the gateway device can communicatewith and thus become the center of management for the services offeredthrough these endpoint devices. One or more of these endpoint devicesmay have automatic configuration capabilities such as universal plug andplay (e.g. uPNP devices). These endpoint devices may include but are notlimited to, media adaptors, SIP phones, home automation controllers,adaptors that convert IP interfaces to PSTN FXO and FXS interfaces, etc.In one example, the method of configuration, e.g. automatic discoveryand configuration may be based on the specific device's current firmwareor software or like version. The gateway device 10 in one embodimentalso may keep a record or table of configuration information, forexample, for those devices configured automatically. Such informationmay include, for example, for media adaptor, supported formats and bitrates, for home automation controller, information pertaining to thetype of controller such as Insteon, Awave, etc.

As another example, if the phone service is enabled and if the gatewaydevice detects a new SIP device, the gateway device 10 may prompt a userto determine if the detected endpoint device needs to be configured forassociation with the gateway device. If it does, then the gateway device10 may configure the detected device on its network (home network orother premises network). Yet as another example, when new drives areadded to the gateway device for storage expansion, the gateway device 10may automate initialization of the expanded device storage.

Gateway to Gateway Device Communications

As mentioned earlier, the gateway devices and service management centersupport a communication capability between the appliances. This feature,for example, may be utilized for enabling secure peer-to-peer sharing ofdata between or among the gateway appliances.

Additional aspects of the peering capabilities enabled by the gatewaydevice-service management architecture include the ability to store aroster or contact list of distant gateways on either the gateway 10 orwithin the service management center 50 and utilizing these addresses tomaintain the presence and routing information of selected othergateways. This roster information is used to establish and manage accessand message routing, via XMPP messaging, to gateways, to locate andaddress other gateways, and set up peering relationships between thegateways.

A gateway may also expose other details about resources or endpointswithin the home to other gateways by communicating resource informationalong with presence information. As an example, a gateway may sendpresence information to selected “buddies” via the signaling channel andalso include information about the resources available to the distantbuddy. Examples of resources include digital picture frames that thedistant gateway user may direct photos to, web cams, or other resources,enabling direct interaction between an end user connected to onegateway, or in automated scenarios, the gateway itself, and a distantdevice connected to the local area network of another gateway.

When a user interacts with the resource sharing functions of theirgateway 10, the user may select a specific gateway 10 ₁ from theirroster, represented as a “buddy” list. When the user selects a “buddy”,additional resource details are displayed to the user, providinginformation about any resources that the end user may utilize via thatselected peer gateway device 10 ₁.

The XMPP messaging protocol, combined with the roster and XMPPaddressing mechanisms may be utilized for either end user interactionsor automated interactions between gateways. Automated use of the peeringcapabilities include directing utility data for usage and networkmanagement information to designated collectors within peering groupsand then having the designated collector forward the combinedinformation to the service management center. This distributes thecollection processing to the gateways and decreases the overallprocessing and bandwidth utilization in the service management center.Of course, the XMPP protocol is discussed here merely by way of example,and those skilled in the art will recognize that the gateway to gatewaydevice communications may use other protocols.

Upon gateway device 10 establishing initial communication with selectedremote gateways (e.g., gateway device 10 ₁, 10 _(n), etc as shown inFIG. 4 ) and devices via service management center 50, gateway device 10may negotiate a direct signaling communication path with one or moreremote gateway devices. The signaling path may be independent of servicemanagement center 50, IM networks 99 a or 99 b, or IM server 99 c.Establishing a direct signaling channel between gateway devices mayreduce the messaging load on service management center 50, IM networks99 a or 99 b, or on IM server 99 c.

An Application and Network Gateway (ANG) (e.g., gateway device 10, 10 ₁,10 _(n), etc.) may be located, for example, in a user premises. The ANGmay have associated endpoint devices, and be managed by an ApplicationServices Provider (e.g., the application service may be delivered viathe application services layer by application service management center50, or may be IM networks 99 a or 99 b, or IM server 99 c). Anapplication network gateway management connection server (MCS) may beused to establish a connection with one or more ANGs, wherein theestablished connection may be secure or unsecure. The MCS may be acomponent of application service management center 50, IM networks 99 aor 99 b, or IM server 99 c. This connection between the MCS and the ANGsallows each ANG to “register” its local information (e.g., InternetProtocol (IP) address, Application Ports, Availability, and otherattributes) with the MCS. Additionally, when ANGs desire to locate eachother (e.g., to establish peer to peer connections for communication),they may retrieve the distant-end ANG information from the MCS.

Location updates may be performed at ANG Startup, or when IP or Portchanges occur at the AGN. There may be no predefined time of thevalidity of the addresses. For example, the last update may beconsidered valid for an indefinite period of time. Thus, in thisexample, the AGN does not need to update location information on aperiodic basis.

A Location Server may maintain the location information for all the ANGsin the network. A Session Redirect Server (SRS) and SRS database maystore service-specific authentication and routing information. The SRSand SRS database may be part of the Applications Services Provider.

FIG. 7 illustrates a flow diagram depicting an ANG establishing a secureconnection with the Application Services Provider, and updating theApplication Services Provider with the ANG's availability, IP addressand application Port selection. Once the Application Services Providerhas been updated with this information, it may store the information andprovide that information to other ANGs that may request to communicatewith the ANG of Home 1.

At step 700 shown in FIG. 7 , the ANG may initialize or establish amessaging connection with the MCS of the Applications Service Provider.This connection may be either a secure or unsecure connection. At step702, the secure messaging and presence connection is established betweenthe ANG and the MCS, and the session communication endpoint may beestablished. At step 704, the location update of the ANG with thelocation server of the Application Services Provider is established asbeing valid until, for example, further updates are provided by the AN Gor until the session is disconnected. The SRS of the ApplicationServices Provider may be updated with a new IP and port address for ANGof Home 1 at step 706. Also, a unique identifier tag for the ANG may beestablished in the SRS database.

FIG. 8 illustrates the exemplary steps for the ANG updating theApplication Service Provider's information after it has experienced anIP address change. The illustrated flow for creating a dynamic addresstable is depicted, as is the flow for updating the informationassociated with the ANG with the SRS. This update may be performed at atime that is not related to a particular application session initiation.The update of the SRS may be enabled by an application service providerpresence and networking control channel.

At step 710 shown in FIG. 8 , the ANG may initiate an IP address change.At step 712, the SRS may be updated with the new WAN IP and Port Addressfor the ANG of Home 1. The ANG may have a unique identifier tag in theSRS database for which this updated information is associated with. Ifthe WAN connection between the ANG and the Application Services Provideris severed, disrupted, or otherwise unavailable (i.e., the connection is“down”) at step 714, the MCS may detect that the presence and networkingmessaging channel is unavailable at step 716. At step 718, the SRS maybe updated to indicate that it is not available because the WANconnection with the ANG with a particular identifier tag is unavailable.The SRS database fields may be updated to indicate that the availabilitystatus of the identified ANG has changed.

FIG. 9 depicts a first ANG of Home 1 and a second ANG of Home 2, whereinboth ANGs are managed by the Application Service Provider in order tocommunicate their attributes with each other. Each ANG may establishusing a presence and networking message communications channel, whichmay be a secure or unsecure channel, with the Application ServicesProvider. Once a connection is established, the ANGs may retrieve thedistant-end routing information (i.e., location information of the otherANG) if the ANG does not presently have such information. Once each ANGknows the location of the other ANG, they may establish a direct peer topeer connection. In addition, each ANG may update their respectiveapplication routing tables and attributes with each other.

As shown at step 720 of FIG. 9 , the ANG of Home 1 may establish apresence and networking message communication connection with a presenceand networking message server (e.g, IM server 99 c or a presence andnetworking server that is part of service management center 50, etc.).At step 722, buddies in the buddy list of the ANG in Home 1 may benotified of the ANG's presence, as well as display the services offeredby the ANG via the presence and networking message server. At step 724,the ANG at Home 2 may set up and establish a presence and networkingmessage connection with the presence and networking message server. TheANG of Home 2, at step 726, may notify buddies of its presence, as wellas present its services that are available. At step 728 the ANG of Home1 may update the routing table with the remote ANG (i.e., the ANG ofHome 2) address changes, as provided by the presence and networkingmessage server. At step 730, the ANG of Home 1 may provide servicedetails, such as IP address and port information to the ANG of Home 2via the presence and networking server. The ANG of Home 2, at step 732,may update the routing table with the address changes of the ANG of Home1.

As shown in FIG. 10 , the ANG of Home 1 and the ANG of Home 2 mayestablish a peer to peer presence and networking message connectionbetween each other. The peer to peer connection may be established uponeach ANG locating the other via the presence and networking messageserver or the service management center. Upon obtaining the routinginformation, each ANG may use the routing information to establishsubsequent peer to peer sessions until there is an endpoint statuschange.

At step 740 illustrated in FIG. 10 , the ANG of Home 1 may setup apresence and networking communication connection (which may be secure orunsecure) with the presence and networking messaging server. At step742, the ANG of Home 1 may notify presence and networking message serverof the presence of the ANG, as well as provide peer to peer connectioninformation (e.g., IP address, port, etc.). Next, at step 744, ANG ofHome 2 may setup and establish a presence and networking messageconnection with presence and networking message server. ANG of Home 2may then notify buddies on the buddy list of the ANG's presence, as wellas present peer to peer connection information to the presence andnetworking message server at step 746. The presence and networkingmessage server, at step 748, may provide the peer to peer connectioninformation (e.g., of the ANG of Home 2) to ANG of Home 1, and the ANGof Home 1 may update the route table with address changes. The ANG ofHome 1 may present the peer to peer connection information for a buddy(e.g., ANG of Home 2) via the presence and networking server at step750. ANG of Home 2 may update the route table with the address changeinformation from ANG of Home 1 at step 752. Next, at step 754, a peer topeer control channel may be established between ANG of Home 1 and ANG ofHome 2. ANGs of Home 1 and Home 2 may then present services and servicedetails (e.g., resource identifier information, IP address, portinformation, etc.) to one another at step 756.

In providing peer to peer communications between gateway devices, a userof a first gateway device may control associated endpoint devices of asecond gateway device, provided such endpoint devices and/or theirfunctionalities are provided to the first gateway device. This may bebased, for example, on the second gateway device being present in thebuddy list of the first gateway device. For example, a user of the firstgateway may control an endpoint device that is a garage door associatedwith a second gateway device. The user may determine the status of thegarage door (e.g., open, closed, etc.), and may provide instructions tothe garage door to open or close (e.g., based upon the received statusinformation).

The gateway device 10 and its interactions with various endpoint devicesand with the service management center 50 have been described withreference to diagrams of methods, apparatus (systems) and computerprogram products. It will be understood that elements and functionsillustrated in the diagrams, can be implemented by computer programinstructions running on one or more appropriately configured hardwareplatforms, e.g. to operate as a gateway device 10 or as one or more ofthe enumerated elements of the service management center 50. Hence,operations described above may be carried out by execution of software,firmware, or microcode operating on a computer other programmable deviceof any type. Additionally, code for implementing such operations maycomprise computer instruction in any form (e.g. source code, objectcode, interpreted code, etc.) stored in or carried by any computer ormachine readable medium.

IM Server and Gateway Device for Home Automation Control

As described above in connection with FIG. 2 , the gateway device 10 maybe the central communication platform that interoperates with multipledevices in the home to form a home networking environment. FIG. 11provides an exemplary home network that includes a home automatedcontrol.

In FIG. 11 , central to the communication platform functionality is theprovisioning of IM client functionality 610 at the gateway device 10. IMclient functionality 610 may be enabled for client-server communicationswith an IM server 99 c (e.g., which may be part of IM networks 99 aand/or 99 b of FIG. 4 ). IM server 99 c may be a publicly-accessible IMserver (e.g., Yahoo IM network, MSN IM network, etc.), or may be aprivately-accessible IM server, either of which may be remotely located.IM server 99 c, whether in a publicly or privately accessibly form, mayenable communications between a remote IM client (e.g., IM client 650,etc.) and IM client 610 of gateway 10, for example, via a wide areanetwork. IM client 650 may communicate with endpoint devices (e.g.,device 665, etc.) that may be part of home automation network 620 via IMserver 99 c. Communication messages 672 from IM client 650 may bedirected by IM server 99 c to IM client 610 of gateway device 10. Homeautomation controller 605 and device driver 613 may process thecommunication messages 670 for endpoint devices (e.g., device 665) ofhome automation network 620. As endpoint devices of home automationnetwork may not be enabled with IM client programming, and thus may notcommunicate with other IM devices using a presence and networkingmessaging protocol (e.g., an Instant Messaging protocol), device driver613 may provide the communications to a respective endpoint device inthe home automation network using a device driver communicationprotocol. Messages from one or more endpoint devices (e.g., endpointdevice 65), such as alert messages, status messages, or othercommunications may be received by home automation control node 625, andthen transmitted to device driver 613 of gateway device 10. Homeautomation controller 605 may be configured to direct the receivedmessage to a remote IM client. Accordingly, IM client 610 may “package”the message received from the endpoint device into a message that may betransmitted using a presence and networking message protocol.

In the context of home automation in FIG. 11 , the gateway appliance 10is additionally provisioned with a home automation controller device 605that communicates with the IM client function 610 to facilitate homenetwork management, including: a home automation controller 605 thatinterfaces with a TV/Web interface 615 that interfaces with the digitalmedia adaptor component 635 and, a device driver 613 that interfaceswith the home automation network 620 (e.g., Zigbee network) via a homeautomation control node 625 that is responsible for communicating withthe “smart” devices designed for home automation. The digital mediaadaptor component 635 further communicates with the TV device 632 at thepremises and, the TV/Web interface 615 further interfaces with thecomputing device, e.g., PC 630 at the premises. Further, the IM clientfunctionality 610 interfaces with an IM client 650 that is either local(at the premises) or remote and may include a SIP phone or a PC.

In the context of home automation services, the appliance supportsmultiple types of home automation controllers and multiple protocolstandards including a variety of non-IP protocol standards and vendorspecific proprietary protocols such as Insteon, Zwave etc. This enablesthe user to integrate multiple vendor devices in the home. It is furtherunderstood that the controller device itself may support more than oneautomation protocol such as Insteon or (legacy) x10 devices and theseprotocols will be transported via RF or other suitable communicationpath. The gateway appliance 10 may communicate with controllers viavendor-specific protocols.

Via the IM client functionality 610 and IM server 99 c, the local orremote IM client 650 may be provided with IM-based state notificationmessages, e.g., messages of any alarm generated. Although such messagesmay not be initially transmitted using a presence and networking messageprotocol (e.g., IM protocol), gateway 10 may be configured such that IMclient 610 may transmit the messages (e.g., alert messages, etc.)received from messages to, for example, IM client device 650 using apresence and networking message protocol. The IM client device 650 mayreceive device state notification messages 672 via the appliance'se-mail application, a phone call, or at a PC directly. Thus, when eventsare detected, for example, a change in the device's status orparameter(s) the gateway appliance 10 generates alert notifications 670,via the notification manager which is part of the presence andnetworking module shown in FIG. 5C, for receipt at the IM client devicevia IM server.

Moreover, as shown in FIG. 11 , via the IM client 610 functionality, auser may control home networking devices 665 or home automation deviceslocally or remotely. For example, this functionality specificallyenables a user to configure and control networking devices and homeautomation devices, e.g., networked light switch controlling lightfixture 167 to show up as controllable entities, via a list (not shown),on another device, e.g., the PC 630 or television 632 via digital mediaadaptor 35 b such as shown in FIG. 11 . Thus, users receive immediatenotifications of changes or check on connectivity or status of the homedevices via communications from the gateway 10. Thus, gateway device 10may be programmed through a service offering or as a default, to enablethe notification directly on the TV via overlay onto a video signal atthe home.

Additionally, gateway device 10, through its device registry which ispart of the presence and networking module (e.g., IM client 610, etc.),provides a list of the device state/parameters (status) 162 of manydevices that are connected to the gateway for additional controlservices, e.g., via a local PC client notification message 161. Oneexample of such a notification is shown in FIG. 12 , which depicts anexemplary user interface 675 showing a generated list 680 of devicesconnected to the gateway 610 and their current status. Although devicesconnected to home automation control network 620 may not have presenceand network message capabilities, device driver 613 may communicate witheach endpoint device of home automation control network 620 to determinethe status and functionalities of the endpoint device, and provide thestatus and functionality information to a local or remote IM clientdevice (e.g., IM client device 650).

As described herein, gateway device 10 may have a configuration datafile (e.g., similar to configuration data 520 shown in FIG. 2 ) that maybe accessible by a user of gateway 10 or by a service provider, wherethe configuration file data is configurable so as to indicate the levelof “transparency” of whether an endpoint device is connected to the homeautomation network 620, what features are available, what the status ofthe endpoint device is, etc. User interface 675, as illustrated in FIG.12 , may be used to configure various endpoint devices.

For example, as shown in FIG. 12 , the presented columns include thedevice, device identifier, the device status (e.g., ON/OFF), a type ofdevice it is, and its scheduled operation/activity. Using the interface,a user may be able to control or change the status of a device, e.g.,lights, by selecting on/off functionality embodied as user selectablebuttons 677. The home automation controller functionality 605 of thegateway appliance 10 responds by generating appropriate signals that areforwarded to the home automation control node 625 to effect the statuschange of a particular device. In one embodiment, an additional controlinterface 685 is provided to effect a change in analog type devices,e.g., dimmer switch.

Thus, in using the exemplary interface, a user may check on the statusof each of these devices and send commands to change the statusinformation. Any change in status of these devices will come asnotifications or alerts. For example, an assisted living device 665,e.g., a sensor, monitors user behavior or biological function and checksbehavioral patterns against stored patterns. If there is determined abreak in the pattern, when detected by the system, an automaticnotification may be generated and provided to a user endpoint device,e.g., the PC or TV, etc.

As described herein with respect to file and content sharing, thegateway appliances are able to communicate with each other to shareinformation through using IM clients at each gateway device, whereinpresence and networking messages are sent via an IM server to one moregateway devices IM server functionality provided at the appliance. Themessages and commands may be communicated through a secure networkconnection.

IM Access and Control Display

As described above in connection with FIG. 11 , the home automationservice network is supported at least in part by gateway appliance 10,wherein the home automation service may be accessible by a user througha presence and networking protocol client (e.g., IM client) from a PC orany other suitable interface. Particularly, the gateway appliance 10 maybe configured to appear as a buddy in the user's buddy list. However, asthe one or more of the endpoint device connected to gateway device 10 donot themselves have presence and networking message capabilities, theymay not appear in the buddy list. The gateway appliance 10 may provide alisting of endpoint devices and their functions to a local or remote IMclient. Which endpoint devices are “visible” by a remote client, as wellas their respective available functions, may be, as described above,configurable by a user or by a service provider. The name for thegateway appliance 10 itself as it appears in an IM buddy client list isalso configurable.

Once a user selects the gateway appliance buddy from the buddy list, anumber of events may occur. The user may enter into an IM “chat” mode. Amenu option such as “home automation” may be presented to the user. Uponselection of the “home automation” option, the user may be prompted fora password. Once password authenticated, the user is capable ofrequesting status of one or more of the endpoint devices of the homeautomation network that are configured to be visible during an IMsession and report status information. The user may also change thestatus of a selected device, and may elect to receive notifications froma device (e.g., a user may update a configuration of the gateway devicesuch that associated endpoint devices may provide notifications). Anexemplary IM interface dialog may be presented to the user that displaysone or more of the following: whether any events have occurred in whichmay require user input, such that the user is prompted to enter aninstruction; request a Status Check; Change a device status; and Reviewan event log. In one example, upon selection of change device statusrequest, the user is prompted to select from options such as devicetype, (e.g., light switch, garage door, outlet, sprinkler system, etc.),a Main Menu option, or any other suitable option. Furthermore, in oneexample, upon selection of a device, (e.g., a garage door, etc.) theuser is prompted with additional selection options related to the firstselection (e.g., select a first garage door, a second garage door,etc.). Thus, the user interaction with gateway appliance 10 andassociated endpoint devices may text based and/or menu driven.

Program aspects of the technology may be thought of a “products,”typically in the form of executable code and/or associated data forimplementing desired functionality, which is carried on or embodied in atype of machine readable medium. In this way, computer programinstructions may be provided to a processor of a general purposecomputer, special purpose computer, embedded processor or otherprogrammable data processing apparatus to produce a machine, such thatthe instructions, which execute via the processor of the computer orother programmable data processing apparatus, so as to implementfunctions described above.

Terms regarding computer or machine “readable medium” (or media) as usedherein therefore relate to any storage medium and any physical orcarrier wave transmission medium, which participates in providinginstructions or code or data to a processor for execution or processing.Storage media include any or all of the memory of the gateway device orassociated modules thereof or any of the hardware platforms as may beused in the service management center, such as various semiconductormemories, tape drives, disk drives and the like, which may providestorage at any time for the software programming. All or portions of thesoftware may at times be communicated through the Internet or variousother telecommunication networks. Such communications, for example, mayenable loading of the software from one computer into another computer,for example, from the updater 51 a hardware platform for a gatewaydevice 10 or from another source into an element of the servicemanagement center 50. Thus, another type of media that may bear thesoftware elements includes optical, electrical and electromagneticwaves, such as used across physical interfaces between local devices,through wired and optical landline networks and over various air-links.The physical elements that carry such waves, such as wired or wirelesslinks, optical links or the like, also may be considered as mediabearing the software. Hence, the broad class of media that may bear theinstructions or data encompass many forms, including but not limited to,non-volatile storage media, volatile storage media as well as carrierwave and physical forms of transmission media.

Those skilled in the art will recognize that the teachings of thisdisclosure may be modified, extended and/or applied in a variety ofways. An extension of the system architecture, for example, provides theability of various and disparate third-party application serviceproviders to provide multiple application services independently.Application services are managed by the “managed” service providerthrough the service management center 50, meaning, generally,authorizing, provisioning, and monitoring the usage of a particularapplication service. This can be accomplished in a variety of ways withvarying degrees of involvement of, or coordination with, the servicemanagement center. The service management center 50 could manage theseitems “soup-to-nuts” or have minimal involvement. For example, theservice management center 50 could deal directly with the third-partyservice provider to acquire application services at the request of auser and manage the delivery, authorization, usage-monitoring andupgrading of the application service. At the other end of the spectrum,the managed service provider may have arrangements with the third-partyapplication service provider by which orders or requests from the usersmay come directly to the third-party application service provider, andservices are delivered to the user by the third-party service providerwho in turn coordinates with the managed service provider to registerand monitor the particular application service placed in the gatewaydevice 10. It should be noted that this ability to manage applicationservices extends through the gateway device into the endpoint devicesregistered or associated with the gateway or network.

While the foregoing has described what are considered to be the bestmode and/or other examples, it is understood that various modificationsmay be made therein and that the subject matter disclosed herein may beimplemented in various forms and examples, and that the teachings may beapplied in numerous applications, only some of which have been describedherein. It is intended by the following claims to claim any and allapplications, modifications and variations that fall within the truescope of the present teachings.

1-41. (canceled)
 42. A communication device for use at a user premisesto control operation of authenticated devices, the communication devicecomprising: one or more processors communicatively coupled to (1) atleast one end point device via a local network at the user premises and(2) a wide area network; and memory storing a plurality of third partyapplications and programming to, when executed by the one or moreprocessors, perform operations including: (a) facilitating registrationof at least one of the communication device or the at least one endpointdevice with one or more of third-party service providers, (b)maintaining local storage and access of authentication information basedon the registration, (c) enabling key-based authentication of theregistered at least one of the communication device or at least oneendpoint device with the one or more third-party service providers basedon the locally stored authentication information, and (d) enablingrenewal of the key-based authentication performed via bi-directionalcommunication over the wide area network with the one or morethird-party service provider, wherein the renewal is enabled based, atleast in part, on a portion of the locally stored authenticationinformation.
 43. The communication device of claim 42, wherein theprogramming, when executed by the one or more processors, causes thecommunication device to authorize, authenticate, configure, and/ormanage use of the communication device and/or the at least one endpointdevice.
 44. The communication device of claim 42, wherein theprogramming, when executed by the one or more processors, cause thecommunication device to manage application services provided via thewide area network through the at least one interface.
 45. Thecommunication device of claim 42, wherein the programming, when executedby the one or more processors, causes the communication device toestablish peer communications between the communication device and aremote server via the wide area network.
 46. The communication device ofclaim 42, wherein the at least one endpoint device includes a personalcomputer, a cell phone, a personal digital assistant, a remote control,a speaker, a streaming device, a security camera, an audio device, atelevision, a set top box, or any combination thereof.
 47. Thecommunication device of claim 42, wherein the authentication informationincludes credentials for renewed key-based authorization.
 48. Thecommunication device of claim 47, wherein the key-based authenticationhas an expiry time, and the renewal of the key-based authentication isenabled after the expiry time has passed.
 49. The communication deviceof claim 42, wherein the authentication information includes credentialsused to authenticate bi-directional communication with the respectiveone of the plurality of the third-party providers.
 50. A communicationdevice for use at a user premises, the communication device comprising:one or more processors communicatively coupled to (1) at least one endpoint device via a local network at the user premises and (2) a widearea network; and memory that stores instructions executable by the oneor more processors to cause the communication device to performoperations, including: authenticating the communication device with oneor more third-party service providers based on locally storedauthentication information, wherein at least a portion of the locallystored authentication information was based, at least in part, onregistering the communication device with the one or more third-partyservice providers, in response to successful authentication of thecommunication device, renewing key-based authentication for enablingcommunicating with the one or more service providers, and receivingmedia from the one or more third-party service providers enabled by therenewed key-based authentication.
 51. The communication device of claim50, wherein the instructions, when executed by the one or moreprocessors, causes the communication device to authorize, authenticate,configure, and/or manage use of the communication device and/or the atleast one endpoint device.
 52. The communication device of claim 50,wherein the instructions, when executed by the one or more processors,causes the communication device to manage application services providedvia the wide area network through the at least one interface.
 53. Thecommunication device of claim 50, wherein the instructions, whenexecuted by the one or more processors, cause the communication deviceto establish communications between the communication device and aremote server, associated with the respective one of the plurality ofthird-party service providers, via a wide area network.
 54. Thecommunication device of claim 50, wherein the at least one endpointdevice includes a personal computer, a cell phone, a personal digitalassistant, a remote control, a television, a set top box, or anycombination thereof.
 55. The communication device of claim 50, whereinthe authentication information includes credentials used to renewkey-based authorization.
 56. The communication device of claim 50,wherein the authentication information includes credentials used toauthenticate bi-directional communication with the respective one of theplurality of the third-party providers.
 57. A communication device foruse at a user premises to control operation of authenticated devices,the communication device comprising: one or more processorscommunicatively coupled to (1) at least one end point device via a localnetwork at the user premises and (2) a wide area network; and memorystoring a plurality of third party applications and programming to, whenexecuted by the one or more processors, perform operations including:(a) facilitating registration of the communication device with athird-party service provider, (b) receiving and managing local storageof authentication information based on registration of the communicationdevice, (c) enabling key-based authentication of the registeredcommunication device based on the received authentication informationstored locally by the memory, and (d) enabling renewal of the key-basedauthentication performed via bi-directional communication over the widearea network with the one or more third-party service provider based onthe locally stored authentication information.
 58. The communicationdevice of claim 57, wherein the programming, when executed by the one ormore processors, causes the communication device to authorize,authenticate, configure, and/or manage use of the communication device.59. The communication device of claim 57, wherein the programming, whenexecuted by the one or more processors, causes the communication deviceto establish peer communications between the communication device andthe remote server via the wide area network.